ALT-BU-2015-2496-1
Branch sisyphus update bulletin.
Closed bugs
Собран со старым gstreamer
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-3591
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
- http://www.cs.tau.ac.il/~tromer/radioexp/
- http://www.cs.tau.ac.il/~tromer/radioexp/
- http://www.debian.org/security/2015/dsa-3184
- http://www.debian.org/security/2015/dsa-3184
- http://www.debian.org/security/2015/dsa-3185
- http://www.debian.org/security/2015/dsa-3185
- https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
- https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
- https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html
- https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html
Modified: 2024-11-21
CVE-2015-0837
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
- http://www.debian.org/security/2015/dsa-3184
- http://www.debian.org/security/2015/dsa-3184
- http://www.debian.org/security/2015/dsa-3185
- http://www.debian.org/security/2015/dsa-3185
- https://ieeexplore.ieee.org/document/7163050
- https://ieeexplore.ieee.org/document/7163050
- https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
- https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
- https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html
- https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html
Closed vulnerabilities
BDU:2015-10394
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю выполнить произвольный код
BDU:2015-10395
Уязвимость гипервизора Xen, позволяющая нарушителю выполнить произвольный код
BDU:2015-11298
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2015-3209
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
- FEDORA-2015-10001
- FEDORA-2015-10001
- FEDORA-2015-9978
- FEDORA-2015-9978
- FEDORA-2015-9965
- FEDORA-2015-9965
- SUSE-SU-2015:1042
- SUSE-SU-2015:1042
- SUSE-SU-2015:1045
- SUSE-SU-2015:1045
- SUSE-SU-2015:1152
- SUSE-SU-2015:1152
- SUSE-SU-2015:1156
- SUSE-SU-2015:1156
- SUSE-SU-2015:1157
- SUSE-SU-2015:1157
- SUSE-SU-2015:1206
- SUSE-SU-2015:1206
- SUSE-SU-2015:1426
- SUSE-SU-2015:1426
- SUSE-SU-2015:1519
- SUSE-SU-2015:1519
- SUSE-SU-2015:1643
- SUSE-SU-2015:1643
- RHSA-2015:1087
- RHSA-2015:1087
- RHSA-2015:1088
- RHSA-2015:1088
- RHSA-2015:1089
- RHSA-2015:1089
- RHSA-2015:1189
- RHSA-2015:1189
- DSA-3284
- DSA-3284
- DSA-3285
- DSA-3285
- DSA-3286
- DSA-3286
- 75123
- 75123
- 1032545
- 1032545
- USN-2630-1
- USN-2630-1
- http://xenbits.xen.org/xsa/advisory-135.html
- http://xenbits.xen.org/xsa/advisory-135.html
- https://kb.juniper.net/JSA10783
- https://kb.juniper.net/JSA10783
- GLSA-201510-02
- GLSA-201510-02
- GLSA-201604-03
- GLSA-201604-03
- https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13
- https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13
Modified: 2024-11-21
CVE-2015-4037
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.
- FEDORA-2015-9601
- FEDORA-2015-9601
- FEDORA-2015-9599
- FEDORA-2015-9599
- SUSE-SU-2015:1152
- SUSE-SU-2015:1152
- SUSE-SU-2015:1519
- SUSE-SU-2015:1519
- openSUSE-SU-2015:1965
- openSUSE-SU-2015:1965
- DSA-3284
- DSA-3284
- DSA-3285
- DSA-3285
- [oss-security] 20150513 QEMU 2.3.0 tmp vulns CVE request
- [oss-security] 20150513 QEMU 2.3.0 tmp vulns CVE request
- [oss-security] 20150516 Re: QEMU 2.3.0 tmp vulns CVE request
- [oss-security] 20150516 Re: QEMU 2.3.0 tmp vulns CVE request
- [oss-security] 20150523 Re: QEMU 2.3.0 tmp vulns CVE request
- [oss-security] 20150523 Re: QEMU 2.3.0 tmp vulns CVE request
- 74809
- 74809
- 1032547
- 1032547
- USN-2630-1
- USN-2630-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1222892
- https://bugzilla.redhat.com/show_bug.cgi?id=1222892
Closed bugs
dnsmasq.service пытается запуститься до того как настроится сеть