Branch t7 update bulletin.

Package chromium updated to version 37.0.2062.120-alt1.M70P.1 for branch t7 in task 130970.

Published: 2014-09-10

BDU:2015-00193

Уязвимость браузера Google Chrome, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2014-3178

Published: 2014-09-10

BDU:2015-00201

Уязвимости браузера Google Chrome, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2014-3179

Published: 2014-09-10
Modified: 2025-04-12

CVE-2014-3178

Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of render-tree inconsistencies.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2014-09-10
Modified: 2025-04-12

CVE-2014-3179

Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Package seamonkey updated to version 2.29-alt1.M70P.1 for branch t7 in task 130970.

seamonkey-2.29-alt1.i586 падает на старте

Package kernel-image-std-def updated to version 3.14.19-alt1 for branch t7 in task 130971.

Published: 2014-09-28
Modified: 2025-04-12

CVE-2014-6416

Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

Published: 2014-09-28
Modified: 2025-04-12

CVE-2014-6417

net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket.

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

Published: 2014-09-28
Modified: 2025-04-12

CVE-2014-6418

net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor.

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

References:

Published: 2014-09-28
Modified: 2025-04-12

CVE-2014-7145

The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

Package kernel-image-std-pae updated to version 3.14.19-alt1 for branch t7 in task 130972.

Published: 2014-06-07

BDU:2014-00063

Уязвимость ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2013-01-22

BDU:2015-04307

Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 1970-01-01

BDU:2015-04308

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 1970-01-01

BDU:2015-04309

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 1970-01-01

BDU:2015-04310

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2014-06-07

BDU:2015-05900

Уязвимость операционной системы openSUSE, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05901

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05902

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05903

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05904

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05905

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05906

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05907

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05908

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05909

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05910

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05911

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05912

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05913

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05914

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05915

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05916

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05917

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05918

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05919

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05920

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05921

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05922

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2014-3153

Published: 2014-03-24
Modified: 2025-04-12

CVE-2014-2523

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2014-06-07
Modified: 2025-10-22

CVE-2014-3153

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

ALT-BU-2014-3004-1

Closed vulnerabilities

Closed bugs

Closed vulnerabilities

Closed vulnerabilities