ALT-BU-2016-2827-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2022-04623
Уязвимость функции clntudp_call (sunrpc/clnt_udp.c) в библиотеке GNU C (glibc или libc6), связанная с записью за границами буфера в памяти, позволяющая нарушителю вводить и выполнять произвольные команды или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2016-4429
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
- openSUSE-SU-2016:1527
- openSUSE-SU-2016:1527
- openSUSE-SU-2016:1779
- openSUSE-SU-2016:1779
- 102073
- 102073
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- [debian-lts-announce] 20200628 [SECURITY] [DLA 2256-1] libtirpc security update
- [debian-lts-announce] 20200628 [SECURITY] [DLA 2256-1] libtirpc security update
- https://source.android.com/security/bulletin/2017-12-01
- https://source.android.com/security/bulletin/2017-12-01
- https://sourceware.org/bugzilla/show_bug.cgi?id=20112
- https://sourceware.org/bugzilla/show_bug.cgi?id=20112
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bc779a1a5b3035133024b21e2f339fe4219fb11c
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bc779a1a5b3035133024b21e2f339fe4219fb11c
- USN-3759-1
- USN-3759-1
- USN-3759-2
- USN-3759-2
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
Closed vulnerabilities
BDU:2016-01680
Уязвимость менеджера загрузок GNU Wget, позволяющая нарушителю изменять произвольные файлы
Modified: 2024-11-21
CVE-2016-4971
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
- http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1
- http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1
- [info-gnu] 20160609 GNU wget 1.18 released
- [info-gnu] 20160609 GNU wget 1.18 released
- openSUSE-SU-2016:2027
- openSUSE-SU-2016:2027
- http://packetstormsecurity.com/files/162395/GNU-wget-Arbitrary-File-Upload-Code-Execution.html
- http://packetstormsecurity.com/files/162395/GNU-wget-Arbitrary-File-Upload-Code-Execution.html
- RHSA-2016:2587
- RHSA-2016:2587
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- 91530
- 91530
- 1036133
- 1036133
- USN-3012-1
- USN-3012-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1343666
- https://bugzilla.redhat.com/show_bug.cgi?id=1343666
- GLSA-201610-11
- GLSA-201610-11
- https://security.paloaltonetworks.com/CVE-2016-4971
- https://security.paloaltonetworks.com/CVE-2016-4971
- 40064
- 40064
Package dosfstools updated to version 4.0-alt1 for branch sisyphus in task 165801.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-8872
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."
- openSUSE-SU-2016:1461
- openSUSE-SU-2016:1461
- openSUSE-SU-2016:2233
- openSUSE-SU-2016:2233
- 90311
- 90311
- USN-2986-1
- USN-2986-1
- https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html
- https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html
- https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7
- https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7
- https://github.com/dosfstools/dosfstools/issues/12
- https://github.com/dosfstools/dosfstools/issues/12
- https://github.com/dosfstools/dosfstools/releases/tag/v4.0
- https://github.com/dosfstools/dosfstools/releases/tag/v4.0
- [debian-lts-announce] 20200530 [SECURITY] [DLA 2224-1] dosfstools security update
- [debian-lts-announce] 20200530 [SECURITY] [DLA 2224-1] dosfstools security update
Modified: 2024-11-21
CVE-2016-4804
The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.
- openSUSE-SU-2016:1461
- openSUSE-SU-2016:1461
- openSUSE-SU-2016:2233
- openSUSE-SU-2016:2233
- 90311
- 90311
- USN-2986-1
- USN-2986-1
- https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html
- https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html
- https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52
- https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52
- https://github.com/dosfstools/dosfstools/issues/25
- https://github.com/dosfstools/dosfstools/issues/25
- https://github.com/dosfstools/dosfstools/issues/26
- https://github.com/dosfstools/dosfstools/issues/26
- [debian-lts-announce] 20200530 [SECURITY] [DLA 2224-1] dosfstools security update
- [debian-lts-announce] 20200530 [SECURITY] [DLA 2224-1] dosfstools security update