ALT-BU-2016-3164-2
Branch sisyphus update bulletin.
Package libselinux updated to version 2.5-alt2 for branch sisyphus in task 172607.
Closed bugs
journald failed to start after recent selinux update
Package livecd-install updated to version 0.9.6-alt1 for branch sisyphus in task 172627.
Closed bugs
В результате установки через livecd-install, /etc/adjtime оказывается ненастроен
Closed vulnerabilities
Modified: 2025-04-12
CVE-2016-1248
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
- http://openwall.com/lists/oss-security/2016/11/22/20
- http://rhn.redhat.com/errata/RHSA-2016-2972.html
- http://www.debian.org/security/2016/dsa-3722
- http://www.securityfocus.com/bid/94478
- http://www.securitytracker.com/id/1037338
- http://www.ubuntu.com/usn/USN-3139-1
- https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog
- https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
- https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
- https://github.com/vim/vim/releases/tag/v8.0.0056
- https://lists.debian.org/debian-lts-announce/2016/11/msg00025.html
- https://lists.debian.org/debian-security-announce/2016/msg00305.html
- https://security.gentoo.org/glsa/201701-29
- http://openwall.com/lists/oss-security/2016/11/22/20
- http://rhn.redhat.com/errata/RHSA-2016-2972.html
- http://www.debian.org/security/2016/dsa-3722
- http://www.securityfocus.com/bid/94478
- http://www.securitytracker.com/id/1037338
- http://www.ubuntu.com/usn/USN-3139-1
- https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog
- https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
- https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
- https://github.com/vim/vim/releases/tag/v8.0.0056
- https://lists.debian.org/debian-lts-announce/2016/11/msg00025.html
- https://lists.debian.org/debian-security-announce/2016/msg00305.html
- https://security.gentoo.org/glsa/201701-29
Modified: 2025-04-20
CVE-2017-5953
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
- http://www.debian.org/security/2017/dsa-3786
- http://www.securityfocus.com/bid/96217
- https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
- https://groups.google.com/forum/#%21topic/vim_dev/t-3RSdEnrHY
- https://security.gentoo.org/glsa/201706-26
- https://usn.ubuntu.com/4016-1/
- https://usn.ubuntu.com/4309-1/
- http://www.debian.org/security/2017/dsa-3786
- http://www.securityfocus.com/bid/96217
- https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
- https://groups.google.com/forum/#%21topic/vim_dev/t-3RSdEnrHY
- https://security.gentoo.org/glsa/201706-26
- https://usn.ubuntu.com/4016-1/
- https://usn.ubuntu.com/4309-1/
Package ceph-deploy updated to version 1.5.34-alt3 for branch sisyphus in task 172688.
Closed bugs
ceph-deploy хочет ceph-mds отдельным пакетом
Package python-module-cryptography updated to version 1.6.0-alt1 for branch sisyphus in task 172620.
Closed vulnerabilities
Modified: 2025-04-20
CVE-2016-9243
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
- http://www.openwall.com/lists/oss-security/2016/11/09/2
- http://www.securityfocus.com/bid/94216
- http://www.ubuntu.com/usn/USN-3138-1
- https://cryptography.io/en/latest/changelog
- https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
- https://github.com/pyca/cryptography/issues/3211
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/
- http://www.openwall.com/lists/oss-security/2016/11/09/2
- http://www.securityfocus.com/bid/94216
- http://www.ubuntu.com/usn/USN-3138-1
- https://cryptography.io/en/latest/changelog
- https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
- https://github.com/pyca/cryptography/issues/3211
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/