Branch sisyphus update bulletin.

Package clamav updated to version 0.98.4-alt1 for branch sisyphus in task 121686.

ClamAV 0.98.3 has been released!

Package dbus updated to version 1.8.4-alt1 for branch sisyphus in task 121728.

Published: 2014-12-13

BDU:2015-09788

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2014-07-01
Modified: 2025-04-12

CVE-2014-3477

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Severity: MEDIUM (4.0) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Package squashfs-tools updated to version 4.3-alt2 for branch sisyphus in task 121667.

[4.3] 32-bit xz compression fails

Version: 2.1.2

Branch sisyphus update on 2014-06-20

ALT-BU-2014-2840-1

ALT-PU-2014-1797-1

Closed bugs

Bug #30087

ALT-PU-2014-1798-1

Closed vulnerabilities

BDU:2015-09788

CVE-2014-3477

ALT-PU-2014-1799-1

Closed bugs

Bug #30103