ALT-BU-2016-3236-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2022-04623
Уязвимость функции clntudp_call (sunrpc/clnt_udp.c) в библиотеке GNU C (glibc или libc6), связанная с записью за границами буфера в памяти, позволяющая нарушителю вводить и выполнять произвольные команды или вызвать отказ в обслуживании
BDU:2022-05945
Уязвимость функций fillin_rpath, decompose_rpath системной библиотеки GNU C Library, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2016-1234
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
- FEDORA-2016-68abc0be35
- FEDORA-2016-68abc0be35
- openSUSE-SU-2016:1527
- openSUSE-SU-2016:1527
- openSUSE-SU-2016:1779
- openSUSE-SU-2016:1779
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- 20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices
- 20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices
- [oss-security] 20160307 CVE-2016-1234 in glibc glob with GLOB_ALTDIRFUNC
- [oss-security] 20160307 CVE-2016-1234 in glibc glob with GLOB_ALTDIRFUNC
- 84204
- 84204
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- GLSA-201702-11
- GLSA-201702-11
- https://sourceware.org/bugzilla/show_bug.cgi?id=19779
- https://sourceware.org/bugzilla/show_bug.cgi?id=19779
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea
Modified: 2024-11-21
CVE-2016-3075
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
- FEDORA-2016-68abc0be35
- FEDORA-2016-68abc0be35
- openSUSE-SU-2016:1527
- openSUSE-SU-2016:1527
- openSUSE-SU-2016:1779
- openSUSE-SU-2016:1779
- RHSA-2016:2573
- RHSA-2016:2573
- 85732
- 85732
- USN-2985-1
- USN-2985-1
- GLSA-201702-11
- GLSA-201702-11
- https://sourceware.org/bugzilla/show_bug.cgi?id=19879
- https://sourceware.org/bugzilla/show_bug.cgi?id=19879
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=317b199b4aff8cfa27f2302ab404d2bb5032b9a4
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=317b199b4aff8cfa27f2302ab404d2bb5032b9a4
Modified: 2024-11-21
CVE-2016-4429
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
- openSUSE-SU-2016:1527
- openSUSE-SU-2016:1527
- openSUSE-SU-2016:1779
- openSUSE-SU-2016:1779
- 102073
- 102073
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- [debian-lts-announce] 20200628 [SECURITY] [DLA 2256-1] libtirpc security update
- [debian-lts-announce] 20200628 [SECURITY] [DLA 2256-1] libtirpc security update
- https://source.android.com/security/bulletin/2017-12-01
- https://source.android.com/security/bulletin/2017-12-01
- https://sourceware.org/bugzilla/show_bug.cgi?id=20112
- https://sourceware.org/bugzilla/show_bug.cgi?id=20112
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bc779a1a5b3035133024b21e2f339fe4219fb11c
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bc779a1a5b3035133024b21e2f339fe4219fb11c
- USN-3759-1
- USN-3759-1
- USN-3759-2
- USN-3759-2
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
Modified: 2024-11-21
CVE-2016-5417
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures.
- [oss-security] 20160802 glibc: Per-thread memory leak in __res_vinit with IPv6 nameservers (CVE-2016-5417)
- [oss-security] 20160802 glibc: Per-thread memory leak in __res_vinit with IPv6 nameservers (CVE-2016-5417)
- 92257
- 92257
- https://sourceware.org/bugzilla/show_bug.cgi?id=19257
- https://sourceware.org/bugzilla/show_bug.cgi?id=19257
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=2212c1420c92a33b0e0bd9a34938c9814a56c0f7
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=2212c1420c92a33b0e0bd9a34938c9814a56c0f7
- [libc-alpha] 20160804 The GNU C Library version 2.24 is now available
- [libc-alpha] 20160804 The GNU C Library version 2.24 is now available
Modified: 2024-11-21
CVE-2017-16997
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
- 102228
- 102228
- RHBA-2019:0327
- RHBA-2019:0327
- RHSA-2018:3092
- RHSA-2018:3092
- https://bugs.debian.org/884615
- https://bugs.debian.org/884615
- https://sourceware.org/bugzilla/show_bug.cgi?id=22625
- https://sourceware.org/bugzilla/show_bug.cgi?id=22625
- https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html
- https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html
Closed bugs
Обновление версии dovecot
Package dovecot-pigeonhole updated to version 0.4.16-alt1 for branch sisyphus in task 175515.
Closed bugs
Обновление версии dovecot-pigeonhole
Package alterator-sslkey updated to version 0.2.4-alt1 for branch sisyphus in task 175522.
Closed bugs
Не создаются ключи
Package make-initrd updated to version 0.8.13-alt1 for branch sisyphus in task 175523.
Closed bugs
guess-kbd: команда не найдена
Closed bugs
Зависит от xterm