ALT-BU-2015-2639-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-0011
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering.
Modified: 2024-11-21
CVE-2014-8240
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.
- [oss-security] 20141010 Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncserver
- [oss-security] 20141010 Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncserver
- [oss-security] 20141011 Re: Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncserver
- [oss-security] 20141011 Re: Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncserver
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 70391
- 70391
- https://bugzilla.redhat.com/show_bug.cgi?id=1151307
- https://bugzilla.redhat.com/show_bug.cgi?id=1151307
- tigervnc-cve20148240-bo(96947)
- tigervnc-cve20148240-bo(96947)
- GLSA-201612-36
- GLSA-201612-36
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-3420
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
- FEDORA-2015-7156
- FEDORA-2015-7156
- FEDORA-2015-7089
- FEDORA-2015-7089
- FEDORA-2015-7159
- FEDORA-2015-7159
- [oss-security] 20150427 Re: CVE request: Dovecot remote DoS on TLS connections
- [oss-security] 20150427 Re: CVE request: Dovecot remote DoS on TLS connections
- [oss-security] 20150428 Re: Re: CVE request: Dovecot remote DoS on TLS connections
- [oss-security] 20150428 Re: Re: CVE request: Dovecot remote DoS on TLS connections
- 74335
- 74335
- https://bugzilla.redhat.com/show_bug.cgi?id=1216057
- https://bugzilla.redhat.com/show_bug.cgi?id=1216057
- [dovecot] 20150424 [patch] TLS Handshake failures can crash imap-login
- [dovecot] 20150424 [patch] TLS Handshake failures can crash imap-login
- [dovecot-news] 20150513 [Dovecot-news] v2.2.17 released
- [dovecot-news] 20150513 [Dovecot-news] v2.2.17 released
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-0860
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.
- DSA-3407
- DSA-3407
- USN-2820-1
- USN-2820-1
- https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d
- https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d
- https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html
- https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324
- GLSA-201612-07
- GLSA-201612-07