Branch sisyphus update bulletin.

Package collectd updated to version 5.5.2-alt1 for branch sisyphus in task 170865.

Published: 2016-08-19
Modified: 2025-04-12

CVE-2016-6254

Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.

Severity: MEDIUM (6.4) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

References:

Package guile20 updated to version 2.0.13-alt1 for branch sisyphus in task 170866.

Published: 2017-01-12
Modified: 2025-04-20

CVE-2016-8606

The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Branch sisyphus update on 2016-10-15

ALT-BU-2016-3059-1

ALT-PU-2016-2096-1

Closed vulnerabilities

CVE-2016-6254

ALT-PU-2016-2097-1

Closed vulnerabilities

CVE-2016-8606