ALT-BU-2017-2875-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2015-12237
Vulnerability in the BIND DNS server that allows an attacker to cause a denial of service
BDU:2016-00941
Vulnerability in the BIND DNS server that allows an attacker to cause a denial of service
BDU:2016-00942
Vulnerability in the BIND DNS server that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2015-8000
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
- FEDORA-2015-40882ddfb1
- FEDORA-2015-09bf9e06ea
- FEDORA-2015-2df40de264
- FEDORA-2015-e278e12ebc
- SUSE-SU-2015:2340
- SUSE-SU-2015:2341
- SUSE-SU-2015:2359
- openSUSE-SU-2015:2364
- openSUSE-SU-2015:2365
- openSUSE-SU-2015:2391
- SUSE-SU-2016:0227
- HPSBUX03552
- SSRT102983
- http://packetstormsecurity.com/files/134882/FreeBSD-Security-Advisory-BIND-Denial-Of-Service.html
- RHSA-2015:2655
- RHSA-2015:2656
- RHSA-2015:2658
- RHSA-2016:0078
- RHSA-2016:0079
- DSA-3420
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 79349
- 1034418
- SSA:2015-349-01
- USN-2837-1
- https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
- https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105
- https://kb.isc.org/article/AA-01317
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
Modified: 2024-11-21
CVE-2015-8461
Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.
- FEDORA-2015-09bf9e06ea
- FEDORA-2015-2df40de264
- 79347
- 1034419
- SSA:2015-349-01
- https://kb.isc.org/article/AA-01319
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
Modified: 2024-11-21
CVE-2016-1285
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
- FEDORA-2016-364c0a9df4
- FEDORA-2016-161b73fc2c
- FEDORA-2016-b593e84223
- FEDORA-2016-5047abe4a9
- FEDORA-2016-75f31fbb0a
- FEDORA-2016-dce6dbe6a8
- SUSE-SU-2016:0759
- SUSE-SU-2016:0780
- SUSE-SU-2016:0825
- openSUSE-SU-2016:0827
- openSUSE-SU-2016:0830
- openSUSE-SU-2016:0834
- openSUSE-SU-2016:0859
- SUSE-SU-2016:1541
- HPSBUX03583
- SSRT110084
- RHSA-2016:0562
- RHSA-2016:0601
- DSA-3511
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 1035236
- USN-2925-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821
- https://kb.isc.org/article/AA-01352
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
- FreeBSD-SA-16:13
- GLSA-201610-07
Modified: 2024-11-21
CVE-2016-1286
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
- FEDORA-2016-364c0a9df4
- FEDORA-2016-161b73fc2c
- FEDORA-2016-b593e84223
- FEDORA-2016-5047abe4a9
- FEDORA-2016-75f31fbb0a
- FEDORA-2016-dce6dbe6a8
- SUSE-SU-2016:0759
- SUSE-SU-2016:0780
- SUSE-SU-2016:0825
- openSUSE-SU-2016:0827
- openSUSE-SU-2016:0830
- openSUSE-SU-2016:0834
- openSUSE-SU-2016:0859
- SUSE-SU-2016:1541
- HPSBUX03583
- SSRT110084
- RHSA-2016:0562
- RHSA-2016:0601
- DSA-3511
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 1035237
- USN-2925-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821
- https://kb.isc.org/article/AA-01353
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
- FreeBSD-SA-16:13
- GLSA-201610-07
Modified: 2024-11-21
CVE-2017-3135
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
- RHSA-2017:0276
- 96150
- 1037801
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us
- https://kb.isc.org/docs/aa-01453
- GLSA-201708-01
- https://security.netapp.com/advisory/ntap-20180926-0005/
- DSA-3795
Package adobe-flash-player-ppapi updated to version 24-alt2 for branch sisyphus in task 176067.
Closed vulnerabilities
BDU:2017-00208
Vulnerability in the Flash Player software platform that allows an attacker to bypass a security mechanism
BDU:2017-00209
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00210
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00211
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00212
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00213
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00214
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00215
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00216
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00217
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00218
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00219
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00220
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
Modified: 2024-11-21
CVE-2017-2925
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution.
Modified: 2024-11-21
CVE-2017-2926
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution.
Modified: 2024-11-21
CVE-2017-2927
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
Modified: 2024-11-21
CVE-2017-2928
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution.
Modified: 2024-11-21
CVE-2017-2930
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.
- http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html
- RHSA-2017:0057
- 95350
- 1037570
- https://cosig.gouv.qc.ca/en/cosig-2017-01-en/
- https://helpx.adobe.com/security/products/flash-player/apsb17-02.html
- GLSA-201702-20
- 41008
- 41012
Modified: 2024-11-21
CVE-2017-2931
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution.
Modified: 2024-11-21
CVE-2017-2932
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.
Modified: 2024-11-21
CVE-2017-2933
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution.
Modified: 2024-11-21
CVE-2017-2934
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
Modified: 2024-11-21
CVE-2017-2935
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.
Modified: 2024-11-21
CVE-2017-2936
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution.
Modified: 2024-11-21
CVE-2017-2937
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution.
Modified: 2024-11-21
CVE-2017-2938
Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections.
Package libgdk-pixbuf updated to version 2.36.3-alt2 for branch sisyphus in task 176448.
Closed bugs
shall we finish fixing the build with --without x11?
Closed bugs
program does not want to start
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-10128
Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.
- openSUSE-SU-2017:0397
- openSUSE-SU-2017:0405
- openSUSE-SU-2017:0484
- [oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6
- [oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6
- 95338
- https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2
- https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834
- https://libgit2.github.com/security/
Modified: 2024-11-21
CVE-2016-10129
The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.
- openSUSE-SU-2017:0397
- openSUSE-SU-2017:0405
- openSUSE-SU-2017:0484
- [oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6
- [oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6
- 95339
- https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a
- https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037
- https://libgit2.github.com/security/
Modified: 2024-11-21
CVE-2016-10130
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
- openSUSE-SU-2017:0397
- openSUSE-SU-2017:0405
- openSUSE-SU-2017:0484
- [oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6
- [oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6
- 95359
- https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22
- https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211
- https://libgit2.github.com/security/