ALT-BU-2015-2743-1
Branch sisyphus update bulletin.
Closed bugs
pid & logrotate fixes
Package mount-tray updated to version 1.2.5-alt3 for branch sisyphus in task 153367.
Closed bugs
add Requires: libqt4-svg
Closed vulnerabilities
BDU:2015-12110
Уязвимость графического интерфейса GNOME Display Manager операционной системы Fedora, позволяющая нарушителю обойти экран блокировки
Modified: 2024-11-21
CVE-2015-7496
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
- FEDORA-2015-271025c598
- FEDORA-2015-271025c598
- [oss-security] 20151117 Re: CVE request for Gnome gdm/screen lock crash
- [oss-security] 20151117 Re: CVE request for Gnome gdm/screen lock crash
- [oss-security] 20151117 CVE request for Gnome gdm/screen lock crash
- [oss-security] 20151117 CVE request for Gnome gdm/screen lock crash
- RHSA-2017:2128
- RHSA-2017:2128
- https://bugzilla.gnome.org/show_bug.cgi?id=758032
- https://bugzilla.gnome.org/show_bug.cgi?id=758032
- https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news
- https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-0247
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
- http://advisories.mageia.org/MGASA-2015-0061.html
- http://advisories.mageia.org/MGASA-2015-0061.html
- http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
- http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
- FEDORA-2015-1840
- FEDORA-2015-1840
- FEDORA-2015-2511
- FEDORA-2015-2511
- FEDORA-2015-2516
- FEDORA-2015-2516
- SUSE-SU-2015:1103
- SUSE-SU-2015:1103
- openSUSE-SU-2015:1006
- openSUSE-SU-2015:1006
- http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html
- http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html
- DSA-3166
- DSA-3166
- MDVSA-2015:045
- MDVSA-2015:045
- MDVSA-2015:067
- MDVSA-2015:067
- http://www.ocert.org/advisories/ocert-2015-002.html
- http://www.ocert.org/advisories/ocert-2015-002.html
- 20150205 [oCERT-2015-002] e2fsprogs input sanitization errors
- 20150205 [oCERT-2015-002] e2fsprogs input sanitization errors
- 72520
- 72520
- USN-2507-1
- USN-2507-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1187032
- https://bugzilla.redhat.com/show_bug.cgi?id=1187032
- e2fsprogs-cve20150247-bo(100740)
- e2fsprogs-cve20150247-bo(100740)
- GLSA-201701-06
- GLSA-201701-06
Modified: 2024-11-21
CVE-2015-1572
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.
- http://advisories.mageia.org/MGASA-2015-0088.html
- http://advisories.mageia.org/MGASA-2015-0088.html
- FEDORA-2015-2511
- FEDORA-2015-2511
- FEDORA-2015-2516
- FEDORA-2015-2516
- SUSE-SU-2015:1103
- SUSE-SU-2015:1103
- openSUSE-SU-2015:1002
- openSUSE-SU-2015:1002
- openSUSE-SU-2015:1006
- openSUSE-SU-2015:1006
- DSA-3166
- DSA-3166
- MDVSA-2015:067
- MDVSA-2015:067
- MDVSA-2015:068
- MDVSA-2015:068
- 72709
- 72709
- USN-2507-1
- USN-2507-1
- https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
- https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
- GLSA-201507-22
- GLSA-201507-22
Package util-linux updated to version 2.27.1-alt1 for branch sisyphus in task 153318.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-5224
The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.
- [oss-security] 20150824 CVE-2015-5224 login-utils: file name collision due to incorrect mkstemp use
- [oss-security] 20150824 CVE-2015-5224 login-utils: file name collision due to incorrect mkstemp use
- 76467
- 76467
- https://bugzilla.redhat.com/show_bug.cgi?id=1256686
- https://bugzilla.redhat.com/show_bug.cgi?id=1256686
- https://github.com/karelzak/util-linux/commit/bde91c85bdc77975155058276f99d2e0f5eab5a9
- https://github.com/karelzak/util-linux/commit/bde91c85bdc77975155058276f99d2e0f5eab5a9
Closed bugs
Remove explicit nfs-utils requirement