Branch sisyphus update bulletin.

Package libvdpau updated to version 1.1.1-alt1 for branch sisyphus in task 148762.

Published: 2015-09-23
Modified: 2021-03-23

BDU:2015-11337

Уязвимость библиотеки libvdpau, позволяющая нарушителю выполнять запись произвольных файлов

Severity: MEDIUM (6.3) Vector: AV:L/AC:M/Au:N/C:N/I:C/A:C

References:

Published: 2015-09-23
Modified: 2021-03-23

BDU:2015-11338

Уязвимость библиотеки libvdpau, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-09-23
Modified: 2021-03-23

BDU:2015-11339

Уязвимость библиотеки libvdpau, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-09-08
Modified: 2025-04-12

CVE-2015-5198

libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-09-08
Modified: 2025-04-12

CVE-2015-5199

Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-09-08
Modified: 2025-04-12

CVE-2015-5200

The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.

Severity: MEDIUM (6.3) Vector: AV:L/AC:M/Au:N/C:N/I:C/A:C

References:

Package virtualbox updated to version 4.3.30-alt2 for branch sisyphus in task 148768.

Отсутствует поддержка COM/XPCOM интерфейса для С++ кода

Для утилит нет синонимов в нижнем регистре

Package nvidia_glx_common updated to version 352.41-alt154 for branch sisyphus in task 148779.

Published: 2015-09-30
Modified: 2025-04-12

CVE-2015-5950

The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memory location and consequently gain privileges via a crafted ioctl call.

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Version: 2.1.2

Branch sisyphus update on 2015-09-02

ALT-BU-2015-2616-1

ALT-PU-2015-1741-1

Closed vulnerabilities

BDU:2015-11337

BDU:2015-11338

BDU:2015-11339

CVE-2015-5198

CVE-2015-5199

CVE-2015-5200

ALT-PU-2015-1744-1

Closed bugs

Bug #31178

Bug #31245

ALT-PU-2015-1745-1

Closed vulnerabilities

CVE-2015-5950