2016-10-15
ALT-BU-2016-3059-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2016-08-20
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-6254
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.
Severity: CRITICAL (9.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References:
- http://collectd.org/news.shtml
- http://collectd.org/news.shtml
- DSA-3636
- DSA-3636
- https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
- https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
- FEDORA-2016-23f0d552e8
- FEDORA-2016-23f0d552e8
- FEDORA-2016-e16a14ffc5
- FEDORA-2016-e16a14ffc5
Closed vulnerabilities
Published: 2017-01-13
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-8606
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- [oss-security] 20161012 Re: CVE request: GNU Guile <= 2.0.12: REPL server vulnerable to HTTP inter-protocol attacks
- [oss-security] 20161012 Re: CVE request: GNU Guile <= 2.0.12: REPL server vulnerable to HTTP inter-protocol attacks
- 93514
- 93514
- FEDORA-2016-0aab71f552
- FEDORA-2016-0aab71f552
- FEDORA-2016-a47bf58beb
- FEDORA-2016-a47bf58beb
- FEDORA-2016-34209c3a8e
- FEDORA-2016-34209c3a8e