Branch sisyphus update bulletin.

Package kernel-image-led-ws updated to version 3.10.25-alt4 for branch sisyphus in task 111483.

Published: 2013-01-22

BDU:2015-04307

Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 1970-01-01

BDU:2015-04308

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 1970-01-01

BDU:2015-04309

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 1970-01-01

BDU:2015-04310

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2013-11-20
Modified: 2025-04-11

CVE-2013-4579

The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

References:

Package kernel-image-led-vs updated to version 3.10.25-alt4 for branch sisyphus in task 111483.

Published: 2013-01-22

BDU:2015-04307

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 1970-01-01

BDU:2015-04308

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 1970-01-01

BDU:2015-04309

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 1970-01-01

BDU:2015-04310

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2013-11-20
Modified: 2025-04-11

CVE-2013-4579

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

References:

Package adobe-flash-player updated to version 11-alt23 for branch sisyphus in task 111536.

Published: 2013-12-11
Modified: 2025-04-11

CVE-2013-5331

Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013.

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2013-12-11
Modified: 2025-04-11

CVE-2013-5332

Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

References:

Package openssl10 updated to version 1.0.1f-alt1 for branch sisyphus in task 111582.

Published: 2013-12-23

BDU:2015-01314

Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить целостность и доступность защищаемой информации

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

References:

Published: 2014-02-21

BDU:2015-09745

Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2014-12-26

BDU:2015-09775

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2014-01-09
Modified: 2025-04-11

CVE-2013-4353

The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2013-12-23
Modified: 2025-04-11

CVE-2013-6449

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2014-01-01
Modified: 2025-04-11

CVE-2013-6450

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

References:

Version: 2.1.2

Branch sisyphus update on 2014-01-10

ALT-BU-2014-2509-1

ALT-PU-2014-1012-1

Closed vulnerabilities

BDU:2015-04307

BDU:2015-04308

BDU:2015-04309

BDU:2015-04310

CVE-2013-4579

ALT-PU-2014-1013-1

Closed vulnerabilities

BDU:2015-04307

BDU:2015-04308

BDU:2015-04309

BDU:2015-04310

CVE-2013-4579

ALT-PU-2014-1014-1

Closed vulnerabilities

CVE-2013-5331

CVE-2013-5332

ALT-PU-2014-1019-1

Closed vulnerabilities

BDU:2015-01314

BDU:2015-09745

BDU:2015-09775

CVE-2013-4353

CVE-2013-6449

CVE-2013-6450