ALT Linux Team

Branch sisyphus update on 2015-11-25

2015-11-25

ALT-BU-2015-2752-1

Branch sisyphus update bulletin.

ALT-PU-2015-2021-1

Package firefox-flashblock updated to version 1.5.17-alt3 for branch sisyphus in task 153752.

Closed bugs

Bug #31323

Обновить до 1.5.18.1

ALT-PU-2015-2023-1

Package pcre updated to version 8.38-alt1 for branch sisyphus in task 153763.

Closed vulnerabilities

Published: 2022-07-21

BDU:2022-04560

Уязвимость функции pcre_compile() библиотеки регулярных выражений на языке Perl PCRE, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H
Severity: CRITICAL (9.0) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
References:
Published: 2016-12-13
Modified: 2025-04-12

CVE-2015-3210

Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?Pc)(?Pa(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2016-12-13
Modified: 2025-04-12

CVE-2015-3217

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-12-13
Modified: 2025-04-12

CVE-2015-5073

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

Severity: MEDIUM (6.4) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
Published: 2015-12-02
Modified: 2025-04-12

CVE-2015-8391

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Severity: CRITICAL (9.0) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2015-2024-1

Package kde4-ktorrent updated to version 4.3.1-alt4 for branch sisyphus in task 153766.

Closed bugs

Bug #31153

Для работы требуется пересборка пакета

ALT-PU-2015-2025-1

Package libshell updated to version 0.4.1-alt1 for branch sisyphus in task 153769.

Closed bugs

Bug #31151

Неудобное проведение при отсутствующем файле

Bug #31480

shell-getopt: невозможно использовать --opt при наличии opt-something

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top