ALT-BU-2016-2838-1
Branch sisyphus update bulletin.
Package perl-SDL_Perl updated to version 2.2.6-alt10 for branch sisyphus in task 166032.
Closed bugs
perl-SDL: impossible to upgrade
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-2583
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.
- 57317
- 57317
- [oss-security] 20140324 pam_timestamp internals
- [oss-security] 20140324 pam_timestamp internals
- [oss-security] 20140326 Re: pam_timestamp internals
- [oss-security] 20140326 Re: pam_timestamp internals
- [oss-security] 20140331 Re: pam_timestamp internals
- [oss-security] 20140331 Re: pam_timestamp internals
- 66493
- 66493
- USN-2935-1
- USN-2935-1
- USN-2935-2
- USN-2935-2
- USN-2935-3
- USN-2935-3
- https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8
- https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8
- GLSA-201605-05
- GLSA-201605-05
Modified: 2024-11-21
CVE-2015-3238
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
- FEDORA-2015-10848
- FEDORA-2015-10848
- FEDORA-2015-10830
- FEDORA-2015-10830
- RHSA-2015:1640
- RHSA-2015:1640
- [oss-security] 20150625 Linux-PAM 1.2.1 released to address CVE-2015-3238
- [oss-security] 20150625 Linux-PAM 1.2.1 released to address CVE-2015-3238
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- 75428
- 75428
- USN-2935-1
- USN-2935-1
- USN-2935-2
- USN-2935-2
- USN-2935-3
- USN-2935-3
- https://bugzilla.redhat.com/show_bug.cgi?id=1228571
- https://bugzilla.redhat.com/show_bug.cgi?id=1228571
- GLSA-201605-05
- GLSA-201605-05
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551
- https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/
- https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/
Closed bugs
perl-SDL: impossible to upgrade
Closed bugs
в perl-Gtk3 добавить Requires: libgtk+3-gir