ALT-BU-2016-2953-1
Branch sisyphus update bulletin.
Package libwebkitgtk4 updated to version 2.12.4-alt1 for branch sisyphus in task 168865.
Closed vulnerabilities
BDU:2016-02129
Vulnerability in the iOS operating system and the Safari browser that allows an attacker to cause a denial of service or execute arbitrary code
BDU:2016-02131
Vulnerability in the iOS operating system and the Safari browser that allows an attacker to cause a denial of service or execute arbitrary code
Modified: 2024-11-21
CVE-2016-4590
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
- APPLE-SA-2016-07-18-2
- APPLE-SA-2016-07-18-5
- http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html
- 20160825 WebKitGTK+ Security Advisory WSA-2016-0005
- 91835
- 1036343
- https://support.apple.com/HT206900
- https://support.apple.com/HT206902
Modified: 2024-11-21
CVE-2016-4591
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
- APPLE-SA-2016-07-18-2
- APPLE-SA-2016-07-18-4
- APPLE-SA-2016-07-18-5
- http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html
- 20160825 WebKitGTK+ Security Advisory WSA-2016-0005
- 91830
- 1036343
- https://support.apple.com/HT206900
- https://support.apple.com/HT206902
- https://support.apple.com/HT206905
Modified: 2024-11-21
CVE-2016-4622
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.
- APPLE-SA-2016-07-18-2
- APPLE-SA-2016-07-18-4
- APPLE-SA-2016-07-18-5
- http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html
- 20160825 WebKitGTK+ Security Advisory WSA-2016-0005
- 91830
- 1036343
- http://www.zerodayinitiative.com/advisories/ZDI-16-485
- http://www.zerodayinitiative.com/advisories/ZDI-16-486
- https://support.apple.com/HT206900
- https://support.apple.com/HT206902
- https://support.apple.com/HT206905
Modified: 2024-11-21
CVE-2016-4624
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623.
- APPLE-SA-2016-07-18-2
- APPLE-SA-2016-07-18-4
- APPLE-SA-2016-07-18-5
- http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html
- 20160825 WebKitGTK+ Security Advisory WSA-2016-0005
- 91830
- 1036343
- https://support.apple.com/HT206900
- https://support.apple.com/HT206902
- https://support.apple.com/HT206905
Package fontconfig-infinality updated to version 1-alt7.git20130126 for branch sisyphus in task 168878.
Closed bugs
Ghostscript does not find base fonts
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-24869
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can use ticket's followups or setup login messages with a stylesheet link. This may allow for a cross site scripting attack vector. This issue is partially mitigated by cors security of browsers, though users are still advised to upgrade.
- https://github.com/glpi-project/glpi/blob/10.0/bugfixes/CHANGELOG.md#1000-2022-04-20
- https://github.com/glpi-project/glpi/commit/ac9f1f03c5d2545b7e290197dbfebc3f752f810e
- https://github.com/glpi-project/glpi/releases/tag/10.0.0
- https://github.com/glpi-project/glpi/security/advisories/GHSA-p94c-8qp5-gfpx