ALT-BU-2015-2310-2
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2020-04521
Vulnerability in the D-Bus inter-process communication system, caused by synchronization errors when using a shared resource, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2015-0245
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
- http://advisories.mageia.org/MGASA-2015-0071.html
- openSUSE-SU-2015:0300
- DSA-3161
- MDVSA-2015:176
- [oss-security] 20150209 CVE-2015-0245: denial of service in dbus >= 1.4 systemd activation
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-7557
The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.
- [oss-security] 20151221 CVE-2015-7557, CVE-2015-7558 librsvg2: Out-of-bounds heap read and stack exhaustion
- https://git.gnome.org/browse/librsvg/commit/rsvg-shapes.c?id=40af93e6eb1c94b90c3b9a0b87e0840e126bb8df
- https://git.gnome.org/browse/librsvg/tree/NEWS
Package alterator-net-iptables updated to version 4.19.5-alt1 for branch sisyphus in task 140537.
Closed bugs
Incorrect network traffic accounting
Package mkimage-profiles updated to version 1.1.58-alt1 for branch sisyphus in task 140547.
Closed bugs
[FR] Vagrant box based on Sisyphus
Package terminology updated to version 0.8.0-alt1 for branch sisyphus in task 140467.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-8971
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
- DSA-3712
- [oss-security] 20161104 CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7
- [oss-security] 20161104 Re: CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7
- [oss-security] 20161107 Re: CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7
- 94132
- https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5