Branch sisyphus update bulletin.

Package libmongoc updated to version 1.0.0-alt1.git20140826 for branch sisyphus in task 129874.

Published: 2020-08-12

BDU:2020-03812

Уязвимость программного пакета для парсинга BSON, вызванная целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

References:

CVE-2020-12135

Published: 2020-04-24
Modified: 2024-11-21

CVE-2020-12135

bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Package systemd updated to version 216-alt1 for branch sisyphus in task 129259.

Published: 2016-10-13
Modified: 2025-04-12

CVE-2016-7796

The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.

Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Не выполняет /etc/firsttime.d/ вовремя.

split zsh completions for systemd and journalctl

initscript uses obsolete kernel interface

Version: 2.1.2

Branch sisyphus update on 2014-09-12

ALT-BU-2014-2980-1

ALT-PU-2014-2131-1

Closed vulnerabilities

BDU:2020-03812

CVE-2020-12135

ALT-PU-2014-2133-1

Closed vulnerabilities

CVE-2016-7796

Closed bugs

Bug #29200

Bug #29698

Bug #30275