ALT-BU-2014-3064-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2025-04-12
CVE-2014-8360
Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php.
- http://advisories.mageia.org/MGASA-2015-0017.html
- http://tlk.tuxfamily.org/doku.php?id=writeup:cve-2014-8360-en
- http://www.glpi-project.org/spip.php?page=annonce&id_breve=330
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:167
- https://forge.indepnet.net/issues/5101
- http://advisories.mageia.org/MGASA-2015-0017.html
- http://tlk.tuxfamily.org/doku.php?id=writeup:cve-2014-8360-en
- http://www.glpi-project.org/spip.php?page=annonce&id_breve=330
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:167
- https://forge.indepnet.net/issues/5101
Package strongswan updated to version 5.2.1-alt1 for branch sisyphus in task 132771.
Closed vulnerabilities
Modified: 2025-04-12
CVE-2014-9221
strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153825.html
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00054.html
- http://secunia.com/advisories/62071
- http://secunia.com/advisories/62083
- http://secunia.com/advisories/62095
- http://secunia.com/advisories/62663
- http://strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html
- http://strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-%28cve-2014-9221%29.html
- http://www.debian.org/security/2015/dsa-3118
- http://www.securityfocus.com/bid/71894
- http://www.ubuntu.com/usn/USN-2450-1
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153825.html
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00054.html
- http://secunia.com/advisories/62071
- http://secunia.com/advisories/62083
- http://secunia.com/advisories/62095
- http://secunia.com/advisories/62663
- http://strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html
- http://strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-%28cve-2014-9221%29.html
- http://www.debian.org/security/2015/dsa-3118
- http://www.securityfocus.com/bid/71894
- http://www.ubuntu.com/usn/USN-2450-1
Closed vulnerabilities
Modified: 2025-04-12
CVE-2014-7208
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.
Package python-module-parted updated to version 3.10.0-alt1 for branch sisyphus in task 132752.
Closed bugs
[FR] Обновить версию и собрать для python3