ALT-BU-2016-3101-2

Branch sisyphus update bulletin.

Package libselinux updated to version 2.3-alt1 for branch sisyphus in task 170252.

Политика не грузится с policycoreutils >= 2.4

Package libsemanage updated to version 2.3-alt1 for branch sisyphus in task 170252.

Политика не грузится с policycoreutils >= 2.4

Package libsepol updated to version 2.3-alt1 for branch sisyphus in task 170252.

Политика не грузится с policycoreutils >= 2.4

Package policycoreutils updated to version 2.3-alt1 for branch sisyphus in task 170252.

Политика не грузится с policycoreutils >= 2.4

Package checkpolicy updated to version 2.3-alt1 for branch sisyphus in task 170252.

Политика не грузится с policycoreutils >= 2.4

Package adobe-flash-player-ppapi updated to version 23-alt5 for branch sisyphus in task 171488.

Уязвимость программной платформы Adobe Flash Player, связанная с использованием памяти после её освобождения, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.

Severity: CRITICAL (9.3)Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Package adobe-flash-player updated to version 11-alt67 for branch sisyphus in task 171485.

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Severity: CRITICAL (9.3)Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Package postgresql9.4 updated to version 9.4.10-alt1 for branch sisyphus in task 171468.

Уязвимость системы управления базами данных PostgreSQL, связанная с загрузкой кода без проверки его целостности, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.1)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: HIGH (7.6)Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

References:

CVE-2016-7048

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.

Severity: CRITICAL (9.3)Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package postgresql9.5 updated to version 9.5.5-alt1 for branch sisyphus in task 171468.

Severity: HIGH (8.1)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: HIGH (7.6)Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

References:

CVE-2016-7048

Severity: CRITICAL (9.3)Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Branch sisyphus update on 2016-10-28

ALT-BU-2016-3101-2

ALT-PU-2016-2198-1

Closed bugs

Bug #32254

ALT-PU-2016-2199-1

Closed bugs

Bug #32254

ALT-PU-2016-2200-1

Closed bugs

Bug #32254

ALT-PU-2016-2201-1

Closed bugs

Bug #32254

ALT-PU-2016-2202-1

Closed bugs

Bug #32254

ALT-PU-2016-2203-1

Closed vulnerabilities

BDU:2021-05439

CVE-2016-7855

ALT-PU-2016-2204-1

Closed vulnerabilities

BDU:2021-05439

CVE-2016-7855

ALT-PU-2016-3274-1

Closed vulnerabilities

BDU:2023-00904

CVE-2016-7048

ALT-PU-2016-3314-1

Closed vulnerabilities

BDU:2023-00904

CVE-2016-7048