Branch p7 update bulletin.

Package fail2ban updated to version 0.8.13-alt3 for branch p7 in task 122132.

Published: 2012-12-31
Modified: 2024-11-21

CVE-2012-5642

server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.

Severity: HIGH (7.5)

References:

Published: 2013-08-29
Modified: 2024-11-21

CVE-2013-2178

The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request.

Severity: MEDIUM (5.0)

References:

Published: 2014-02-01
Modified: 2024-11-21

CVE-2013-7176

config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.

Severity: MEDIUM (5.0)

References:

Published: 2014-02-01
Modified: 2024-11-21

CVE-2013-7177

config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.

Severity: MEDIUM (5.0)

References:

Не работает с systemd

Package cups-filters updated to version 1.0.54-alt2.M70P.1 for branch p7 in task 125605.

Published: 2014-03-14

BDU:2015-04125

Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.8)

References:

Published: 2014-11-03

BDU:2015-06081

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (4.3)

References:

Published: 2014-11-03

BDU:2015-06082

Severity: MEDIUM (4.3)

References:

Published: 2014-11-03

BDU:2015-06083

Severity: MEDIUM (4.3)

References:

Published: 2014-11-03

BDU:2015-06084

Severity: MEDIUM (4.3)

References:

Published: 2014-11-04

BDU:2015-09199

Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (4.3)

References:

Published: 2014-11-04

BDU:2015-09200

Severity: MEDIUM (4.3)

References:

Published: 2014-11-04

BDU:2015-09201

Severity: MEDIUM (4.3)

References:

Published: 2014-11-04

BDU:2015-09202

Severity: MEDIUM (4.3)

References:

Published: 2014-06-16

BDU:2015-09753

Уязвимости операционной системы Gentoo Linux, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.3)

References:

Published: 2014-03-14
Modified: 2024-11-21

CVE-2013-6473

Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.

Severity: MEDIUM (6.8)

References:

Published: 2014-03-14
Modified: 2024-11-21

CVE-2013-6474

Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.

Severity: MEDIUM (6.8)

References:

Published: 2014-03-14
Modified: 2024-11-21

CVE-2013-6475

Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.

Severity: MEDIUM (6.8)

References:

Published: 2014-03-14
Modified: 2024-11-21

CVE-2013-6476

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.

Severity: MEDIUM (4.4)

References:

Published: 2014-06-23
Modified: 2024-11-21

CVE-2014-4336

The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.

Severity: MEDIUM (5.8)

References:

Published: 2014-06-23
Modified: 2024-11-21

CVE-2014-4337

The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.

Severity: MEDIUM (4.3)

References:

Published: 2014-06-23
Modified: 2024-11-21

CVE-2014-4338

cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.

Severity: MEDIUM (4.0)

References:

В пакете нет init-файла для сервиса cups-browsed

Обновление до 1.0.46 поломало печать (Filter failed)

Package hplip updated to version 3.14.6-alt0.M70P.1 for branch p7 in task 125605.

Published: 2013-03-06

BDU:2015-02622

Уязвимости операционной системы Debian GNU/Linux, позволяющие локальному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

References:

Published: 2013-09-19

BDU:2015-06765

Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

References:

Published: 2013-09-19

BDU:2015-06766

References:

Published: 2013-09-19

BDU:2015-06767

References:

Published: 2013-09-19

BDU:2015-06768

References:

Published: 2013-09-19

BDU:2015-06769

References:

Published: 2013-09-19

BDU:2015-06770

References:

Published: 2013-09-19

BDU:2015-06805

References:

Published: 2013-09-20

BDU:2015-09048

Уязвимость операционной системы CentOS, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

References:

Published: 2013-09-20

BDU:2015-09049

References:

Published: 2013-09-20

BDU:2015-09050

References:

Published: 2013-09-20

BDU:2015-09051

References:

Published: 2013-09-20

BDU:2015-09052

References:

Published: 2014-06-26

BDU:2015-09744

Severity: HIGH (7.2)

References:

Published: 2013-09-23
Modified: 2024-11-21

CVE-2013-4325

The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.

References:

Published: 2014-01-06
Modified: 2024-11-21

CVE-2013-6402

base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.

Severity: LOW (2.1)

References:

Published: 2013-12-09
Modified: 2024-11-21

CVE-2013-6427

upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.

Severity: MEDIUM (6.8)

References:

Обновить версию hplip

Version: 3.14.6

Version: 2.1.0

ALT-BU-2014-2897-1

Closed vulnerabilities

Closed bugs

Closed vulnerabilities

Closed bugs

Closed vulnerabilities

Closed bugs