Branch sisyphus update bulletin.

Package ejabberd updated to version 2.1.13-alt1 for branch sisyphus in task 162417.

Published: 2013-10-17
Modified: 2025-04-11

CVE-2013-6169

The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2014-10-25
Modified: 2025-04-12

CVE-2014-8760

ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Package libtasn1 updated to version 4.8-alt1 for branch sisyphus in task 162898.

Published: 2016-05-05
Modified: 2025-04-12

CVE-2016-4008

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package binutils updated to version 2.26.0-alt1.1 for branch sisyphus in task 162895.

Published: 2017-03-21
Modified: 2025-04-20

CVE-2014-9939

ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Branch sisyphus update on 2016-04-12

ALT-BU-2016-2687-1

ALT-PU-2016-1317-1

Closed vulnerabilities

CVE-2013-6169

CVE-2014-8760

ALT-PU-2016-1318-1

Closed vulnerabilities

CVE-2016-4008

ALT-PU-2016-1319-1

Closed vulnerabilities

CVE-2014-9939