ALT Linux Team

Branch sisyphus update on 2016-12-07

2016-12-07

ALT-BU-2016-3194-2

Branch sisyphus update bulletin.

ALT-PU-2016-2416-1

Package perl-Log-Log4perl updated to version 1.48-alt2 for branch sisyphus in task 174014.

Closed bugs

Bug #32850

Тянущая Иксы зависимость на perl-RRD

ALT-PU-2016-2417-1

Package libgsf updated to version 1.14.41-alt1 for branch sisyphus in task 174018.

Closed vulnerabilities

Published: 2016-12-08
Modified: 2024-11-21

CVE-2016-9888

An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:

ALT-PU-2016-3248-1

Package supervisor updated to version 3.3.1-alt1 for branch sisyphus in task 174007.

Closed vulnerabilities

Published: 2017-08-07

BDU:2017-02043

Уязвимость компонента XML-RPC веб-сервера Supervisor и операционных систем Fedora, Debian GNU/Linux , позволяющая нарушителю выполнить произвольные команды

Severity: CRITICAL (9.0)
References:
Published: 2017-08-23
Modified: 2024-11-21

CVE-2017-11610

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top