ALT-BU-2014-2953-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2015-01463
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
Modified: 2024-11-21
CVE-2014-3537
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
- http://advisories.mageia.org/MGASA-2014-0313.html
- http://advisories.mageia.org/MGASA-2014-0313.html
- APPLE-SA-2014-10-16-1
- APPLE-SA-2014-10-16-1
- FEDORA-2014-8351
- FEDORA-2014-8351
- RHSA-2014:1388
- RHSA-2014:1388
- 59945
- 59945
- 60273
- 60273
- 60787
- 60787
- http://www.cups.org/blog.php?L724
- http://www.cups.org/blog.php?L724
- http://www.cups.org/str.php?L4450
- http://www.cups.org/str.php?L4450
- MDVSA-2015:108
- MDVSA-2015:108
- 68788
- 68788
- 1030611
- 1030611
- USN-2293-1
- USN-2293-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1115576
- https://bugzilla.redhat.com/show_bug.cgi?id=1115576
- https://support.apple.com/kb/HT6535
- https://support.apple.com/kb/HT6535
Modified: 2024-11-21
CVE-2014-5030
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
- http://advisories.mageia.org/MGASA-2014-0313.html
- http://advisories.mageia.org/MGASA-2014-0313.html
- RHSA-2014:1388
- RHSA-2014:1388
- 60509
- 60509
- 60787
- 60787
- DSA-2990
- DSA-2990
- MDVSA-2015:108
- MDVSA-2015:108
- [oss-security] 20140722 Re: CVE Request: cups: Incomplete fix for CVE-2014-3537
- [oss-security] 20140722 Re: CVE Request: cups: Incomplete fix for CVE-2014-3537
- [oss-security] 20140722 CVE Request: cups: Incomplete fix for CVE-2014-3537
- [oss-security] 20140722 CVE Request: cups: Incomplete fix for CVE-2014-3537
- USN-2341-1
- USN-2341-1
- https://cups.org/str.php?L4455
- https://cups.org/str.php?L4455
Modified: 2024-11-21
CVE-2014-5031
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
- http://advisories.mageia.org/MGASA-2014-0313.html
- http://advisories.mageia.org/MGASA-2014-0313.html
- RHSA-2014:1388
- RHSA-2014:1388
- 60509
- 60509
- 60787
- 60787
- DSA-2990
- DSA-2990
- MDVSA-2015:108
- MDVSA-2015:108
- [oss-security] 20140722 Re: CVE Request: cups: Incomplete fix for CVE-2014-3537
- [oss-security] 20140722 Re: CVE Request: cups: Incomplete fix for CVE-2014-3537
- [oss-security] 20140722 CVE Request: cups: Incomplete fix for CVE-2014-3537
- [oss-security] 20140722 CVE Request: cups: Incomplete fix for CVE-2014-3537
- USN-2341-1
- USN-2341-1
- https://cups.org/str.php?L4455
- https://cups.org/str.php?L4455
Closed bugs
Конфликтует с пакетом pv, ломает vzctl
Closed vulnerabilities
BDU:2015-09708
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации
Modified: 2024-11-21
CVE-2013-2236
Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA.
- http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=3f872fe60463a931c5c766dbf8c36870c0023e88
- http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=3f872fe60463a931c5c766dbf8c36870c0023e88
- [quagga-dev] 20130702 [quagga-dev 10568] ospfd, new_msg_lsa_change_notify: looks like a buffer overflow
- [quagga-dev] 20130702 [quagga-dev 10568] ospfd, new_msg_lsa_change_notify: looks like a buffer overflow
- http://nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelog.txt
- http://nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelog.txt
- RHSA-2017:0794
- RHSA-2017:0794
- [oss-security] 20130703 Re: CVE request: Quagga OSPF-API stack overrun
- [oss-security] 20130703 Re: CVE request: Quagga OSPF-API stack overrun
- DSA-2803
- DSA-2803
- 60955
- 60955
- USN-2941-1
- USN-2941-1