ALT-BU-2016-2983-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-7141
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
- openSUSE-SU-2016:2379
- RHSA-2016:2575
- RHSA-2016:2957
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- 92754
- 1036739
- RHSA-2018:3558
- https://bugzilla.redhat.com/show_bug.cgi?id=1373229
- https://curl.haxx.se/docs/adv_20160907.html
- https://github.com/curl/curl/commit/curl-7_50_2~32
- [debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update
- GLSA-201701-47
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-7444
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
- openSUSE-SU-2017:0386
- 92893
- RHSA-2017:2292
- https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9
- [gnutls-devel] 20160902 OCSP certificate check
- https://www.gnutls.org/security.html
Package firefox-gost updated to version 45.3.0-alt1 for branch sisyphus in task 166803.
Closed vulnerabilities
No data currently available.
Closed bugs
It would be good to package openvpn-plugin.h
/var/run/openvpn is missing
Broken systemd integration
Closed vulnerabilities
Modified: 2024-11-21
CVE-2013-7447
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.
- openSUSE-SU-2016:0647
- [oss-security] 20160209 CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0
- [oss-security] 20160210 Re: CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- 83239
- USN-2898-1
- USN-2898-2
- https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811
- https://bugzilla.gnome.org/show_bug.cgi?id=703220
- https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
- https://git.gnome.org/browse/gtk+/tree/NEWS
- https://github.com/mate-desktop/eom/issues/93