ALT Linux Team

Branch sisyphus update on 2014-09-06

2014-09-06

ALT-BU-2014-2962-1

Branch sisyphus update bulletin.

ALT-PU-2014-2079-1

Package libpixman updated to version 0.32.6-alt1 for branch sisyphus in task 129069.

Closed vulnerabilities

Published: 2016-04-13

BDU:2016-01651

Уязвимость библиотеки Pixman, позволяющая нарушителю вызвать отказ в обслуживании (завершение работы приложения) или выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2016-04-13
Modified: 2025-04-12

CVE-2014-9766

Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2014-2080-1

Package wireshark updated to version 1.12.0-alt1 for branch sisyphus in task 129078.

Closed vulnerabilities

Published: 2014-09-20

BDU:2015-00767

Уязвимость программного обеспечения Wireshark Network Protocol Analyzer, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-09-20

BDU:2015-00768

Уязвимость программного обеспечения Wireshark Network Protocol Analyzer, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-08-01

BDU:2015-00777

Уязвимость программного обеспечения Wireshark Network Protocol Analyzer, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-08-01

BDU:2015-00778

Уязвимость программного обеспечения Wireshark Network Protocol Analyzer, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-08-01

BDU:2015-00779

Уязвимость программного обеспечения Wireshark Network Protocol Analyzer, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-08-01

BDU:2015-00780

Уязвимость программного обеспечения Wireshark Network Protocol Analyzer, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-08-01

BDU:2015-00781

Уязвимость программного обеспечения Wireshark Network Protocol Analyzer, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-08-01
Modified: 2025-04-12

CVE-2014-5161

The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-08-01
Modified: 2025-04-12

CVE-2014-5162

The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-08-01
Modified: 2025-04-12

CVE-2014-5163

The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-08-01
Modified: 2025-04-12

CVE-2014-5164

The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-08-01
Modified: 2025-04-12

CVE-2014-5165

The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-09-20
Modified: 2025-04-12

CVE-2014-6421

Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-09-20
Modified: 2025-04-12

CVE-2014-6422

The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top