Branch sisyphus update bulletin.

Package perl-SDL_Perl updated to version 2.2.6-alt10 for branch sisyphus in task 166032.

perl-SDL: impossible to upgrade

Package linux-pam updated to version 1.3.0-alt1 for branch sisyphus in task 166010.

Published: 2014-04-10
Modified: 2025-04-12

CVE-2014-2583

Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Published: 2015-08-24
Modified: 2025-04-12

CVE-2015-3238

The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

References:

Package perl-SDL updated to version 2.546-alt3 for branch sisyphus in task 166036.

perl-SDL: impossible to upgrade

Package perl-Gtk3 updated to version 0.026-alt2 for branch sisyphus in task 166042.

в perl-Gtk3 добавить Requires: libgtk+3-gir

Version: 2.1.2

Branch sisyphus update on 2016-06-16

ALT-BU-2016-2838-1

ALT-PU-2016-1612-1

Closed bugs

Bug #32191

ALT-PU-2016-1613-1

Closed vulnerabilities

CVE-2014-2583

CVE-2015-3238

ALT-PU-2016-1614-1

Closed bugs

Bug #32191

ALT-PU-2016-1615-1

Closed bugs

Bug #32152