Branch c6 update bulletin.

Package rpcbind updated to version 0.2.1-alt0.5.M60C.2 for branch c6 in task 153459.

Published: 2015-10-13
Modified: 2024-06-13

BDU:2015-11539

Уязвимость сервера динамического назначения RPC-портов RPCbind, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-10-01
Modified: 2025-04-12

CVE-2015-7236

Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package xinetd updated to version 2.3.14-alt4.M60C.2 for branch c6 in task 153459.

Published: 2012-06-04
Modified: 2025-04-11

CVE-2012-0862

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

References:

Package logrotate updated to version 3.7.9-alt3.M60C.2 for branch c6 in task 153459.

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06014

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06015

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2021-03-23

BDU:2015-09654

Уязвимости операционной системы Gentoo Linux, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2011-03-30
Modified: 2025-04-11

CVE-2011-1098

Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.

Severity: LOW (1.9) Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

References:

Published: 2011-03-30
Modified: 2025-04-11

CVE-2011-1154

The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2011-03-30
Modified: 2025-04-11

CVE-2011-1155

The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.

Severity: LOW (1.9) Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

References:

Package perl updated to version 5.12.3-alt4.M60C.2 for branch c6 in task 153459.

Published: 2016-11-03
Modified: 2021-03-23

BDU:2016-02231

Уязвимость интерпретатора Perl, позволяющая нарушителю внедрить произвольный код

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

Published: 2022-04-27

BDU:2022-02611

Уязвимость функции decode_xs интерпретатора языка программирования Perl, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.6) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: MEDIUM (5.1) Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

References:

CVE-2011-2939

Published: 2022-04-27

BDU:2022-02612

Уязвимость функции bsd_glob интерпретатора языка программирования Perl, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.7) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

CVE-2011-2728

Published: 2022-04-27

BDU:2022-02626

Уязвимость функции _compile интерпретатора языка программирования Perl , позволяющая нарушителю выполнять произвольные команды

Severity: MEDIUM (5.6) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2012-6329

Published: 2022-04-27

BDU:2022-02638

Уязвимость функции хеширования интерпретатора языка программирования Perl, позволяющая нарушителю вызывать отказ в обслуживании

Severity: MEDIUM (5.6) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2013-1667

Published: 2011-04-11
Modified: 2025-04-11

CVE-2011-1487

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

Published: 2012-12-21
Modified: 2025-04-11

CVE-2011-2728

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2012-01-13
Modified: 2025-04-11

CVE-2011-2939

Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.

Severity: MEDIUM (5.1) Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

References:

Published: 2012-12-18
Modified: 2025-04-11

CVE-2012-5195

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2013-01-04
Modified: 2025-04-11

CVE-2012-6329

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2013-03-14
Modified: 2025-04-11

CVE-2013-1667

The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Package libxcb updated to version 1.7-alt6.M60C.2 for branch c6 in task 153459.

Published: 2015-04-28
Modified: 2024-07-05

BDU:2015-04110

Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06306

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06354

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06355

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06356

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06357

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06358

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06359

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06360

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06361

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06362

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06363

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06364

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06365

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06366

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06367

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06375

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06376

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06377

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06378

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06379

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06380

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06392

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06393

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06394

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06395

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06396

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06397

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06398

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06399

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06400

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06401

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06402

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06403

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06404

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06405

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06406

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06407

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06408

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06409

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06410

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06411

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06412

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06575

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06576

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06577

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06607

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2021-03-23

BDU:2015-09727

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2013-1056
CVE-2013-1940
CVE-2013-1981
CVE-2013-1982
CVE-2013-1983
CVE-2013-1984
CVE-2013-1985
CVE-2013-1986
CVE-2013-1987
CVE-2013-1988
CVE-2013-1989
CVE-2013-1990
CVE-2013-1991
CVE-2013-1992
CVE-2013-1993
CVE-2013-1994
CVE-2013-1995
CVE-2013-1996
CVE-2013-1997
CVE-2013-1998
CVE-2013-1999
CVE-2013-2000
CVE-2013-2001
CVE-2013-2002
CVE-2013-2003
CVE-2013-2004
CVE-2013-2005
CVE-2013-2062
CVE-2013-2063
CVE-2013-2064
CVE-2013-2066
CVE-2013-4396
GLSA-201405-07

Published: 2013-06-15
Modified: 2025-04-11

CVE-2013-2064

Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Package libssh2 updated to version 1.2.8-alt1.M60C.2 for branch c6 in task 153459.

Published: 2015-03-13
Modified: 2025-04-12

CVE-2015-1782

The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Package less updated to version 444-alt1.M60C.2 for branch c6 in task 153459.

Published: 2015-04-14
Modified: 2025-04-12

CVE-2014-9488

The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Package e2fsprogs updated to version 1.41.14-alt1.M60C.2 for branch c6 in task 153459.

Published: 2015-02-17
Modified: 2025-04-12

CVE-2015-0247

Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2015-02-24
Modified: 2025-04-12

CVE-2015-1572

Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

References:

Package cpio updated to version 2.11-alt1.M60C.2 for branch c6 in task 153459.

Published: 2014-12-02
Modified: 2025-04-12

CVE-2014-9112

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-02-19
Modified: 2025-04-12

CVE-2015-1197

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

Severity: LOW (1.9) Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

References:

Package expat updated to version 2.0.1-alt5.M60C.2 for branch c6 in task 153459.

Published: 2015-04-28
Modified: 2021-03-23

BDU:2015-09649

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2012-07-03
Modified: 2025-04-11

CVE-2012-0876

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2012-07-03
Modified: 2025-04-11

CVE-2012-1147

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2012-07-03
Modified: 2025-04-11

CVE-2012-1148

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Package elfutils updated to version 0.152-alt1.M60C.2 for branch c6 in task 153459.

Published: 2015-01-02
Modified: 2025-04-12

CVE-2014-9447

Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.

Severity: MEDIUM (6.4) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

References:

Package libcap updated to version 2.16-alt4.M60C.2 for branch c6 in task 153459.

Published: 2014-02-08
Modified: 2025-04-11

CVE-2011-4099

The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

References:

Package libidn updated to version 1.24-alt1.M60C.2 for branch c6 in task 153459.

Published: 2015-08-12
Modified: 2025-04-12

CVE-2015-2059

The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Package openldap2.4 updated to version 2.4.42-alt0.M60C.1 for branch c6 in task 153459.

Published: 2015-04-28
Modified: 2021-03-23

BDU:2015-09683

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2012-06-17
Modified: 2025-04-11

CVE-2012-2668

libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

References:

Published: 2015-09-11
Modified: 2025-04-12

CVE-2015-6908

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

лишние файлы в libldap

Надо обновить или пересобрать.

Version: 2.1.2

ALT-BU-2015-2832-1

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed bugs