ALT-BU-2016-3183-1
Branch p8 update bulletin.
Package repocop-unittest-distribution-tag updated to version 0.5-alt1 for branch p8 in task 173833.
Closed bugs
Needs to be brought in line with the new value of %distribution
Package firefox-esr updated to version 45.5.1-alt0.M80P.1 for branch p8 in task 173823.
Closed vulnerabilities
BDU:2021-05334
Vulnerability in the SVG markup language implementation of the Mozilla Firefox and Firefox ESR browsers and the Thunderbird mail client, allowing an attacker to execute arbitrary code
Modified: 2024-11-21
CVE-2016-9078
Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox < 50.0.1.
Modified: 2025-03-21
CVE-2016-9079
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
- RHSA-2016:2843
- RHSA-2016:2850
- 94591
- 1037370
- https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
- GLSA-201701-15
- GLSA-201701-35
- DSA-3730
- 41151
- 42327
- https://www.mozilla.org/security/advisories/mfsa2016-92/
Closed bugs
ALT Linux --> ALT
verify_rpath when both RUNPATH and RPATH are set
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-5180
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
- RHSA-2017:0002
- DSA-3682
- 93243
- USN-3143-1
- https://c-ares.haxx.se/adv_20160929.html
- https://c-ares.haxx.se/CVE-2016-5180.patch
- https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html
- GLSA-201701-28
- https://source.android.com/security/bulletin/2017-01-01.html
Modified: 2024-11-21
CVE-2018-7158
The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `'path'` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()` was structured in such a way as to allow an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service.
Closed vulnerabilities
BDU:2016-01678
Vulnerability in the HAProxy server software, allowing an attacker to cause a denial of service or have other impact
Modified: 2024-11-21
CVE-2016-5360
HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.
- http://git.haproxy.org/?p=haproxy-1.6.git%3Ba=commit%3Bh=60f01f8c89e4fb2723d5a9f2046286e699567e0b
- [oss-security] 20160609 CVE Request: haproxy remote denial of service via reqdeny
- [oss-security] 20160609 Re: CVE Request: haproxy remote denial of service via reqdeny
- USN-3011-1
Package thunderbird updated to version 45.5.1-alt0.M80P.1 for branch p8 in task 173859.
Closed vulnerabilities
No data currently available.