ALT Linux Team

Branch p8 update on 2016-08-23

2016-08-23

ALT-BU-2016-2945-1

Branch p8 update bulletin.

ALT-PU-2016-1871-1

Package eog updated to version 3.20.4-alt1 for branch p8 in task 168740.

Closed vulnerabilities

Published: 2016-09-07
Modified: 2024-11-21

CVE-2016-6855

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2016-1872-1

Package mypaint updated to version 1.2.0-alt2 for branch p8 in task 168740.

Closed bugs

Bug #32415

Не запускается mypaint

ALT-PU-2016-1873-1

Package lxc updated to version 2.0.4-alt1 for branch p8 in task 168759.

Closed vulnerabilities

Published: 2017-01-09
Modified: 2024-11-21

CVE-2016-10124

An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.

Severity: HIGH (8.6) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
References:
Published: 2020-02-10
Modified: 2024-11-21

CVE-2017-18641

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top