2017-02-13
ALT-BU-2017-2932-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2016-05-25
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2015-8853
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html
- http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5
- http://www.openwall.com/lists/oss-security/2016/04/20/5
- http://www.openwall.com/lists/oss-security/2016/04/20/7
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/86707
- https://bugzilla.redhat.com/show_bug.cgi?id=1329106
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
- https://rt.perl.org/Public/Bug/Display.html?id=123562
- https://security.gentoo.org/glsa/201701-75
- https://usn.ubuntu.com/3625-1/
- https://usn.ubuntu.com/3625-2/
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html
- http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5
- http://www.openwall.com/lists/oss-security/2016/04/20/5
- http://www.openwall.com/lists/oss-security/2016/04/20/7
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/86707
- https://bugzilla.redhat.com/show_bug.cgi?id=1329106
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
- https://rt.perl.org/Public/Bug/Display.html?id=123562
- https://security.gentoo.org/glsa/201701-75
- https://usn.ubuntu.com/3625-1/
- https://usn.ubuntu.com/3625-2/
Published: 2016-04-08
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-2381
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
- http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html
- http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
- http://www.debian.org/security/2016/dsa-3501
- http://www.gossamer-threads.com/lists/perl/porters/326387
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/83802
- http://www.ubuntu.com/usn/USN-2916-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
- https://security.gentoo.org/glsa/201701-75
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html
- http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
- http://www.debian.org/security/2016/dsa-3501
- http://www.gossamer-threads.com/lists/perl/porters/326387
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/83802
- http://www.ubuntu.com/usn/USN-2916-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
- https://security.gentoo.org/glsa/201701-75
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
Closed vulnerabilities
Published: 2018-07-03
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-2615
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
Severity: CRITICAL (9.0)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Severity: CRITICAL (9.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
References:
- http://rhn.redhat.com/errata/RHSA-2017-0309.html
- http://rhn.redhat.com/errata/RHSA-2017-0328.html
- http://rhn.redhat.com/errata/RHSA-2017-0329.html
- http://rhn.redhat.com/errata/RHSA-2017-0330.html
- http://rhn.redhat.com/errata/RHSA-2017-0331.html
- http://rhn.redhat.com/errata/RHSA-2017-0332.html
- http://rhn.redhat.com/errata/RHSA-2017-0333.html
- http://rhn.redhat.com/errata/RHSA-2017-0334.html
- http://rhn.redhat.com/errata/RHSA-2017-0344.html
- http://rhn.redhat.com/errata/RHSA-2017-0350.html
- http://rhn.redhat.com/errata/RHSA-2017-0396.html
- http://rhn.redhat.com/errata/RHSA-2017-0454.html
- http://www.openwall.com/lists/oss-security/2017/02/01/6
- http://www.securityfocus.com/bid/95990
- http://www.securitytracker.com/id/1037804
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html
- https://security.gentoo.org/glsa/201702-27
- https://security.gentoo.org/glsa/201702-28
- https://support.citrix.com/article/CTX220771
- http://rhn.redhat.com/errata/RHSA-2017-0309.html
- http://rhn.redhat.com/errata/RHSA-2017-0328.html
- http://rhn.redhat.com/errata/RHSA-2017-0329.html
- http://rhn.redhat.com/errata/RHSA-2017-0330.html
- http://rhn.redhat.com/errata/RHSA-2017-0331.html
- http://rhn.redhat.com/errata/RHSA-2017-0332.html
- http://rhn.redhat.com/errata/RHSA-2017-0333.html
- http://rhn.redhat.com/errata/RHSA-2017-0334.html
- http://rhn.redhat.com/errata/RHSA-2017-0344.html
- http://rhn.redhat.com/errata/RHSA-2017-0350.html
- http://rhn.redhat.com/errata/RHSA-2017-0396.html
- http://rhn.redhat.com/errata/RHSA-2017-0454.html
- http://www.openwall.com/lists/oss-security/2017/02/01/6
- http://www.securityfocus.com/bid/95990
- http://www.securitytracker.com/id/1037804
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html
- https://security.gentoo.org/glsa/201702-27
- https://security.gentoo.org/glsa/201702-28
- https://support.citrix.com/article/CTX220771