ALT-BU-2015-2434-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-3153
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
- http://curl.haxx.se/docs/adv_20150429.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
- APPLE-SA-2015-08-13-2
- openSUSE-SU-2015:0861
- DSA-3240
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- 74408
- 1032233
- USN-2591-1
- https://kc.mcafee.com/corporate/index?page=content&id=SB10131
- https://support.apple.com/kb/HT205031
Closed vulnerabilities
BDU:2016-00128
Vulnerability in the QEMU hardware emulator that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2015-1779
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
- FEDORA-2015-5482
- FEDORA-2015-5541
- SUSE-SU-2015:0870
- SUSE-SU-2015:0896
- RHSA-2015:1931
- RHSA-2015:1943
- DSA-3259
- [oss-security] 20150324 CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder
- [oss-security] 20150409 Re: CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 73303
- 1033975
- USN-2608-1
- [Qemu-devel] 20150323 [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC websockets
- [Qemu-devel] 20150323 [PATCH 2/2] CVE-2015-1779: limit size of HTTP headers from websockets clients
- [Qemu-devel] 20150323 [PATCH 1/2] CVE-2015-1779: incrementally decode websocket frames
- GLSA-201602-01
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-3414
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
- APPLE-SA-2015-09-21-1
- APPLE-SA-2015-09-30-3
- RHSA-2015:1635
- 20150414 several issues in SQLite (+ catching up on several other bugs)
- DSA-3252
- MDVSA-2015:217
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 74228
- 1033703
- USN-2698-1
- GLSA-201507-05
- https://support.apple.com/HT205213
- https://support.apple.com/HT205267
- https://www.sqlite.org/src/info/eddc05e7bb31fae74daa86e0504a3478b99fa0f2
Modified: 2024-11-21
CVE-2015-3415
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
- APPLE-SA-2015-09-21-1
- APPLE-SA-2015-09-30-3
- RHSA-2015:1635
- 20150414 several issues in SQLite (+ catching up on several other bugs)
- DSA-3252
- MDVSA-2015:217
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 74228
- 1033703
- USN-2698-1
- GLSA-201507-05
- https://support.apple.com/HT205213
- https://support.apple.com/HT205267
- https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30
Modified: 2024-11-21
CVE-2015-3416
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
- APPLE-SA-2015-09-21-1
- APPLE-SA-2015-09-30-3
- RHSA-2015:1634
- RHSA-2015:1635
- 20150414 several issues in SQLite (+ catching up on several other bugs)
- DSA-3252
- MDVSA-2015:217
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 74228
- 1033703
- http://www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920
- USN-2698-1
- GLSA-201507-05
- https://support.apple.com/HT205213
- https://support.apple.com/HT205267
Modified: 2024-11-21
CVE-2015-3717
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Closed vulnerabilities
BDU:2015-10385
Vulnerability in the Ubuntu operating system that allows an attacker to compromise the confidentiality, integrity and availability of protected information
BDU:2015-10386
Vulnerability in the Ubuntu operating system that allows an attacker to compromise the confidentiality, integrity and availability of protected information
Modified: 2024-11-21
CVE-2015-2806
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
- http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=4d4f992826a4962790ecd0cce6fbba4a415ce149
- FEDORA-2015-5182
- FEDORA-2015-5114
- FEDORA-2015-5308
- FEDORA-2015-5199
- FEDORA-2015-5390
- FEDORA-2015-5245
- DSA-3220
- MDVSA-2015:193
- [oss-security] 20150329 Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding)
- [oss-security] 20150330 Re: Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding)
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 73436
- 1032080
- USN-2559-1
- RHSA-2017:1860
- GLSA-201509-04