ALT Linux Team

Branch sisyphus update on 2013-11-08

2013-11-08

ALT-BU-2013-1344-1

Branch sisyphus update bulletin.

ALT-PU-2013-1060-1

Package kernel-image-led-ws updated to version 3.10.18-alt6 for branch sisyphus in task 108001.

Closed vulnerabilities

Published: 2013-11-12
Modified: 2024-11-21

CVE-2013-4511

Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.

References:

ALT-PU-2013-1061-1

Package kernel-image-led-vs updated to version 3.10.18-alt6 for branch sisyphus in task 108002.

Closed vulnerabilities

Published: 2013-11-12
Modified: 2024-11-21

CVE-2013-4511

Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.

References:

ALT-PU-2013-1066-1

Package cmake updated to version 2.8.12.1-alt1 for branch sisyphus in task 108020.

Closed bugs

Bug #27879

Добавить дополнительные параметры к макросу cmake

ALT-PU-2013-1068-1

Package wireshark updated to version 1.10.3-alt1 for branch sisyphus in task 108033.

Closed vulnerabilities

Published: 2013-11-04
Modified: 2024-11-21

CVE-2013-6336

The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Severity: MEDIUM (4.3)
References:
Published: 2013-11-04
Modified: 2024-11-21

CVE-2013-6337

Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Severity: MEDIUM (4.3)
References:
Published: 2013-11-04
Modified: 2024-11-21

CVE-2013-6338

The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Severity: MEDIUM (4.3)
References:
Published: 2013-11-04
Modified: 2024-11-21

CVE-2013-6339

The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet.

Severity: MEDIUM (4.3)
References:
Published: 2013-11-04
Modified: 2024-11-21

CVE-2013-6340

epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Severity: MEDIUM (4.3)
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top