ALT Linux Team

Branch sisyphus update on 2015-11-18

2015-11-18

ALT-BU-2015-2743-1

Branch sisyphus update bulletin.

ALT-PU-2015-2003-1

Package fail2ban updated to version 0.9.2-alt5 for branch sisyphus in task 153365.

Closed bugs

Bug #29756

pid & logrotate fixes

ALT-PU-2015-2004-1

Package mount-tray updated to version 1.2.5-alt3 for branch sisyphus in task 153367.

Closed bugs

Bug #31502

add Requires: libqt4-svg

ALT-PU-2015-2006-1

Package gdm updated to version 3.18.2-alt1 for branch sisyphus in task 153404.

Closed vulnerabilities

Published: 2015-11-24

BDU:2015-12110

Уязвимость графического интерфейса GNOME Display Manager операционной системы Fedora, позволяющая нарушителю обойти экран блокировки

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2015-11-24
Modified: 2025-04-12

CVE-2015-7496

GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:

ALT-PU-2015-2007-1

Package e2fsprogs updated to version 1.42.13-alt1 for branch sisyphus in task 153403.

Closed vulnerabilities

Published: 2015-02-17
Modified: 2025-04-12

CVE-2015-0247

Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-02-24
Modified: 2025-04-12

CVE-2015-1572

Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
References:

ALT-PU-2015-2008-1

Package util-linux updated to version 2.27.1-alt1 for branch sisyphus in task 153318.

Closed vulnerabilities

Published: 2017-08-23
Modified: 2025-04-20

CVE-2015-5224

The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

Closed bugs

Bug #31498

Remove explicit nfs-utils requirement

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top