ALT-BU-2016-3164-2
Branch sisyphus update bulletin.
Package libselinux updated to version 2.5-alt2 for branch sisyphus in task 172607.
Closed bugs
journald failed to start after recent selinux update
Package livecd-install updated to version 0.9.6-alt1 for branch sisyphus in task 172627.
Closed bugs
В результате установки через livecd-install, /etc/adjtime оказывается ненастроен
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-1248
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
- http://openwall.com/lists/oss-security/2016/11/22/20
- http://openwall.com/lists/oss-security/2016/11/22/20
- RHSA-2016:2972
- RHSA-2016:2972
- DSA-3722
- DSA-3722
- 94478
- 94478
- 1037338
- 1037338
- USN-3139-1
- USN-3139-1
- https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog
- https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog
- https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
- https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
- https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
- https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
- https://github.com/vim/vim/releases/tag/v8.0.0056
- https://github.com/vim/vim/releases/tag/v8.0.0056
- [debian-lts-announce] 20161122 [SECURITY] [DLA 718-1] vim security update
- [debian-lts-announce] 20161122 [SECURITY] [DLA 718-1] vim security update
- https://lists.debian.org/debian-security-announce/2016/msg00305.html
- https://lists.debian.org/debian-security-announce/2016/msg00305.html
- GLSA-201701-29
- GLSA-201701-29
Modified: 2024-11-21
CVE-2017-5953
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
- DSA-3786
- DSA-3786
- 96217
- 96217
- https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
- https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
- https://groups.google.com/forum/#%21topic/vim_dev/t-3RSdEnrHY
- https://groups.google.com/forum/#%21topic/vim_dev/t-3RSdEnrHY
- GLSA-201706-26
- GLSA-201706-26
- USN-4016-1
- USN-4016-1
- USN-4309-1
- USN-4309-1
Package ceph-deploy updated to version 1.5.34-alt3 for branch sisyphus in task 172688.
Closed bugs
ceph-deploy хочет ceph-mds отдельным пакетом
Package python-module-cryptography updated to version 1.6.0-alt1 for branch sisyphus in task 172620.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-9243
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
- [oss-security] 20161109 Re: CVE Request: Cryptography 1.5.3: HKDF might return an empty byte-string
- [oss-security] 20161109 Re: CVE Request: Cryptography 1.5.3: HKDF might return an empty byte-string
- 94216
- 94216
- USN-3138-1
- USN-3138-1
- https://cryptography.io/en/latest/changelog
- https://cryptography.io/en/latest/changelog
- https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
- https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
- https://github.com/pyca/cryptography/issues/3211
- https://github.com/pyca/cryptography/issues/3211
- FEDORA-2016-e77c8c1f3b
- FEDORA-2016-e77c8c1f3b
- FEDORA-2016-2d90e27e50
- FEDORA-2016-2d90e27e50
- FEDORA-2016-d3a2b640ce
- FEDORA-2016-d3a2b640ce