Branch sisyphus update bulletin.

Package logrotate updated to version 3.9.1-alt1 for branch sisyphus in task 154847.

Published: 2011-03-31

BDU:2015-06014

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

References:

Published: 2011-03-31

BDU:2015-06014

References:

Published: 2011-03-31

BDU:2015-06014

References:

Published: 2011-03-31

BDU:2015-06015

References:

Published: 2011-03-31

BDU:2015-06015

References:

Published: 2011-03-31

BDU:2015-06015

References:

Published: 2012-06-25

BDU:2015-09654

Уязвимости операционной системы Gentoo Linux, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

References:

Published: 2012-06-25

BDU:2015-09654

References:

Published: 2012-06-25

BDU:2015-09654

References:

Published: 2011-03-31
Modified: 2024-11-21

CVE-2011-1098

Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.

Severity: LOW (1.9)

References:

Published: 2011-03-31
Modified: 2024-11-21

CVE-2011-1154

The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.

References:

Published: 2011-03-31
Modified: 2024-11-21

CVE-2011-1155

The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.

Severity: LOW (1.9)

References:

поведение logrotate не соответствует man-странице

Множественные уязвимости: CVE-2011-1098, CVE-2011-1154, CVE-2011-1155

Ломает работу logrotate

Package curl updated to version 7.46.0-alt2 for branch sisyphus in task 154851.

Build with HTTP/2 support enabled

Package wget updated to version 1.17.1-alt1 for branch sisyphus in task 154852.

Published: 2016-09-26
Modified: 2024-11-21

CVE-2016-7098

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package sane updated to version 1.0.25-alt1 for branch sisyphus in task 154856.

SANE-Backends-1.0.25

Version: 2.1.0

Branch sisyphus update on 2015-12-14

ALT-BU-2015-2791-2

ALT-PU-2015-2093-2

Closed vulnerabilities

BDU:2015-06014

BDU:2015-06014

BDU:2015-06014

BDU:2015-06015

BDU:2015-06015

BDU:2015-06015

BDU:2015-09654

BDU:2015-09654

BDU:2015-09654

CVE-2011-1098

CVE-2011-1154

CVE-2011-1155

Closed bugs

Bug #12593

Bug #29681

Bug #31616

ALT-PU-2015-2094-1

Closed bugs

Bug #31617

ALT-PU-2015-2095-1

Closed vulnerabilities

CVE-2016-7098

ALT-PU-2015-2096-1

Closed bugs

Bug #31327