Branch sisyphus update bulletin.

Package libXfont updated to version 1.4.8-alt1 for branch sisyphus in task 119853.

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06368

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06369

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06370

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06371

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06372

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06373

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06374

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2021-03-23

BDU:2015-09764

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2014-05-15
Modified: 2025-04-12

CVE-2014-0209

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2014-05-15
Modified: 2025-04-12

CVE-2014-0210

Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2014-05-15
Modified: 2025-04-12

CVE-2014-0211

Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Package cups-filters updated to version 1.0.53-alt1 for branch sisyphus in task 119889.

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06081

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06082

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06083

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06084

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09199

Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09200

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09201

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09202

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2014-06-22
Modified: 2025-04-12

CVE-2014-4336

The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.

Severity: MEDIUM (5.8) Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2014-06-22
Modified: 2025-04-12

CVE-2014-4337

The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2014-06-22
Modified: 2025-04-12

CVE-2014-4338

cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.

Severity: MEDIUM (4.0) Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

References:

Version: 2.1.2

Branch sisyphus update on 2014-05-17

ALT-BU-2014-2780-1

ALT-PU-2014-1649-1

Closed vulnerabilities

BDU:2015-06368

BDU:2015-06369

BDU:2015-06370

BDU:2015-06371

BDU:2015-06372

BDU:2015-06373

BDU:2015-06374

BDU:2015-09764

CVE-2014-0209

CVE-2014-0210

CVE-2014-0211

ALT-PU-2014-1665-1

Closed vulnerabilities

BDU:2015-06081

BDU:2015-06082

BDU:2015-06083

BDU:2015-06084

BDU:2015-09199

BDU:2015-09200

BDU:2015-09201

BDU:2015-09202

CVE-2014-4336

CVE-2014-4337

CVE-2014-4338