ALT Linux Team

Branch sisyphus update on 2014-04-26

2014-04-26

ALT-BU-2014-2736-1

Branch sisyphus update bulletin.

ALT-PU-2014-1540-1

Package rsyslog updated to version 8.2.1-alt1 for branch sisyphus in task 118814.

Closed vulnerabilities

Published: 2013-10-04
Modified: 2025-04-11

CVE-2013-4758

Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:

ALT-PU-2014-1545-1

Package xen updated to version 4.4.0-alt6 for branch sisyphus in task 118832.

Closed vulnerabilities

Published: 2014-04-24
Modified: 2025-04-12

CVE-2014-2915

Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) debug registers, and (4) other unspecified registers.

Severity: MEDIUM (5.5) Vector: AV:A/AC:L/Au:S/C:N/I:N/A:C
References:
Published: 2014-04-28
Modified: 2025-04-12

CVE-2014-2986

The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors.

Severity: MEDIUM (5.5) Vector: AV:A/AC:L/Au:S/C:N/I:N/A:C
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top