Branch c7 update bulletin.

Package libjasper updated to version 1.900.1-alt3 for branch c7 in task 116706.

Multiple security vulnerabilities

Package libssh updated to version 0.5.5-alt0.M70P.1 for branch c7 in task 116706.

Published: 2013-02-06
Modified: 2024-11-21

CVE-2013-0176

The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.

Severity: MEDIUM (4.3)

References:

Package libyaml updated to version 0.1.5-alt1 for branch c7 in task 116706.

Published: 2014-02-06

BDU:2015-04120

Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.8)

References:

Published: 2014-02-07
Modified: 2024-11-21

CVE-2013-6393

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

Severity: MEDIUM (6.8)

References:

CVE-2013-6393 -- libyaml: heap-based buffer overflow when parsing YAML tags

Version: 2.1.0

Branch c7 update on 2014-03-26

ALT-BU-2014-2660-1

ALT-PU-2014-1356-1

Closed bugs

Bug #29241

ALT-PU-2014-1357-1

Closed vulnerabilities

CVE-2013-0176

ALT-PU-2014-1358-1

Closed vulnerabilities

BDU:2015-04120

CVE-2013-6393

Closed bugs

Bug #29802