Branch sisyphus update bulletin.

Package dropbear updated to version 2016.73-alt1 for branch sisyphus in task 167157.

Published: 2016-03-22
Modified: 2024-11-21

CVE-2016-3116

CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.

Severity: MEDIUM (6.4) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

References:

FEDORA-2016-332491de28
FEDORA-2016-332491de28
FEDORA-2016-40a657cee1
FEDORA-2016-40a657cee1
FEDORA-2016-bc45faa824
FEDORA-2016-bc45faa824
openSUSE-SU-2016:0874
openSUSE-SU-2016:0874
openSUSE-SU-2016:0882
openSUSE-SU-2016:0882
http://packetstormsecurity.com/files/136251/Dropbear-SSHD-xauth-Command-Injection-Bypass.html
http://packetstormsecurity.com/files/136251/Dropbear-SSHD-xauth-Command-Injection-Bypass.html
20160314 CVE-2016-3116 - Dropbear SSH xauth injection
20160314 CVE-2016-3116 - Dropbear SSH xauth injection
https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
https://matt.ucc.asn.au/dropbear/CHANGES
https://matt.ucc.asn.au/dropbear/CHANGES
GLSA-201607-08
GLSA-201607-08

Package LibreOffice updated to version 5.2-alt2 for branch sisyphus in task 167169.

libreofficekit: hard-coded bad path

Version: 2.1.0

Branch sisyphus update on 2016-07-20

ALT-BU-2016-2893-1

ALT-PU-2016-1762-1

Closed vulnerabilities

CVE-2016-3116

ALT-PU-2016-1763-1

Closed bugs

Bug #31953