ALT-BU-2017-2939-1
Branch c6 update bulletin.
Package kernel-image-el-smp updated to version 2.6.32-alt45.M60C.3 for branch c6 in task 171433.
Closed vulnerabilities
BDU:2017-00758
Уязвимость компонента mm/gup.c операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Modified: 2025-04-08
CVE-2016-5195
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
- [oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- [oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- [oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- [oss-security] 20220809 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- [oss-security] 20220809 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- [oss-security] 20220815 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- [oss-security] 20220815 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- 20161020 [CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability
- 20161020 [CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability
- 20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege
- 20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege
- 20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege
- 20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege
- 20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege
- 20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege
- 20161020 [CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability
- 20161020 [CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability
- 20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege
- 20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege
- 20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege
- 20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege
- 20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege
- 20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege
- 93793
- 93793
- 1037078
- 1037078
- USN-3104-1
- USN-3104-1
- USN-3104-2
- USN-3104-2
- USN-3105-1
- USN-3105-1
- USN-3105-2
- USN-3105-2
- USN-3106-1
- USN-3106-1
- USN-3106-2
- USN-3106-2
- USN-3106-3
- USN-3106-3
- USN-3106-4
- USN-3106-4
- USN-3107-1
- USN-3107-1
- USN-3107-2
- USN-3107-2
- RHSA-2017:0372
- RHSA-2017:0372
- https://access.redhat.com/security/cve/cve-2016-5195
- https://access.redhat.com/security/cve/cve-2016-5195
- https://access.redhat.com/security/vulnerabilities/2706661
- https://access.redhat.com/security/vulnerabilities/2706661
- https://bto.bluecoat.com/security-advisory/sa134
- https://bto.bluecoat.com/security-advisory/sa134
- https://bugzilla.redhat.com/show_bug.cgi?id=1384344
- https://bugzilla.redhat.com/show_bug.cgi?id=1384344
- https://bugzilla.suse.com/show_bug.cgi?id=1004418
- https://bugzilla.suse.com/show_bug.cgi?id=1004418
- https://dirtycow.ninja
- https://dirtycow.ninja
- https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
- https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
- https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
- https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
- https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
- https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05352241
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05352241
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03722en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03722en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03742en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03742en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03761en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03761en_us
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://kc.mcafee.com/corporate/index?page=content&id=SB10176
- https://kc.mcafee.com/corporate/index?page=content&id=SB10176
- https://kc.mcafee.com/corporate/index?page=content&id=SB10177
- https://kc.mcafee.com/corporate/index?page=content&id=SB10177
- https://kc.mcafee.com/corporate/index?page=content&id=SB10222
- https://kc.mcafee.com/corporate/index?page=content&id=SB10222
- FEDORA-2016-db4b75b352
- FEDORA-2016-db4b75b352
- FEDORA-2016-c8a0c7eece
- FEDORA-2016-c8a0c7eece
- FEDORA-2016-c3558808cd
- FEDORA-2016-c3558808cd
- https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html
- https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html
- https://security.netapp.com/advisory/ntap-20161025-0001/
- https://security.netapp.com/advisory/ntap-20161025-0001/
- https://security.paloaltonetworks.com/CVE-2016-5195
- https://security.paloaltonetworks.com/CVE-2016-5195
- https://security-tracker.debian.org/tracker/CVE-2016-5195
- https://security-tracker.debian.org/tracker/CVE-2016-5195
- https://source.android.com/security/bulletin/2016-11-01.html
- https://source.android.com/security/bulletin/2016-11-01.html
- https://source.android.com/security/bulletin/2016-12-01.html
- https://source.android.com/security/bulletin/2016-12-01.html
- 20181107 Cisco TelePresence Video Communication Server Test Validation Script Issue
- 20181107 Cisco TelePresence Video Communication Server Test Validation Script Issue
- https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026
- https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026
- 40611
- 40611
- 40616
- 40616
- 40839
- 40839
- 40847
- 40847
- VU#243144
- VU#243144
- http://fortiguard.com/advisory/FG-IR-16-063
- http://fortiguard.com/advisory/FG-IR-16-063
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807
- openSUSE-SU-2016:2583
- openSUSE-SU-2016:2583
- openSUSE-SU-2016:2584
- openSUSE-SU-2016:2584
- SUSE-SU-2016:2585
- SUSE-SU-2016:2585
- SUSE-SU-2016:2592
- SUSE-SU-2016:2592
- SUSE-SU-2016:2593
- SUSE-SU-2016:2593
- SUSE-SU-2016:2596
- SUSE-SU-2016:2596
- SUSE-SU-2016:2614
- SUSE-SU-2016:2614
- openSUSE-SU-2016:2625
- openSUSE-SU-2016:2625
- SUSE-SU-2016:2629
- SUSE-SU-2016:2629
- SUSE-SU-2016:2630
- SUSE-SU-2016:2630
- SUSE-SU-2016:2631
- SUSE-SU-2016:2631
- SUSE-SU-2016:2632
- SUSE-SU-2016:2632
- SUSE-SU-2016:2633
- SUSE-SU-2016:2633
- SUSE-SU-2016:2634
- SUSE-SU-2016:2634
- SUSE-SU-2016:2635
- SUSE-SU-2016:2635
- SUSE-SU-2016:2636
- SUSE-SU-2016:2636
- SUSE-SU-2016:2637
- SUSE-SU-2016:2637
- SUSE-SU-2016:2638
- SUSE-SU-2016:2638
- openSUSE-SU-2016:2649
- openSUSE-SU-2016:2649
- SUSE-SU-2016:2655
- SUSE-SU-2016:2655
- SUSE-SU-2016:2657
- SUSE-SU-2016:2657
- SUSE-SU-2016:2658
- SUSE-SU-2016:2658
- SUSE-SU-2016:2659
- SUSE-SU-2016:2659
- SUSE-SU-2016:2673
- SUSE-SU-2016:2673
- SUSE-SU-2016:3069
- SUSE-SU-2016:3069
- SUSE-SU-2016:3304
- SUSE-SU-2016:3304
- openSUSE-SU-2020:0554
- openSUSE-SU-2020:0554
- http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html
- http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html
- http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html
- http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html
- http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
- http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
- http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
- http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
- http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html
- http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html
- RHSA-2016:2098
- RHSA-2016:2098
- RHSA-2016:2105
- RHSA-2016:2105
- RHSA-2016:2106
- RHSA-2016:2106
- RHSA-2016:2107
- RHSA-2016:2107
- RHSA-2016:2110
- RHSA-2016:2110
- RHSA-2016:2118
- RHSA-2016:2118
- RHSA-2016:2120
- RHSA-2016:2120
- RHSA-2016:2124
- RHSA-2016:2124
- RHSA-2016:2126
- RHSA-2016:2126
- RHSA-2016:2127
- RHSA-2016:2127
- RHSA-2016:2128
- RHSA-2016:2128
- RHSA-2016:2132
- RHSA-2016:2132
- RHSA-2016:2133
- RHSA-2016:2133
- 20161026 Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
- 20161026 Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
- DSA-3696
- DSA-3696
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3
- [oss-security] 20161021 CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability
- [oss-security] 20161021 CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability
- [oss-security] 20161026 Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability
- [oss-security] 20161026 Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability
- [oss-security] 20161027 CVE-2016-5195 test case
- [oss-security] 20161027 CVE-2016-5195 test case
- [oss-security] 20161030 Re: CVE-2016-5195 test case
- [oss-security] 20161030 Re: CVE-2016-5195 test case
- [oss-security] 20161103 Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability
- [oss-security] 20161103 Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability
- [oss-security] 20220307 CVE-2022-0847: Linux kernel: overwriting read-only files
- [oss-security] 20220307 CVE-2022-0847: Linux kernel: overwriting read-only files
- [oss-security] 20220808 CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- [oss-security] 20220808 CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- [oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- [oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- [oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
Closed vulnerabilities
BDU:2015-04284
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-04285
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-04286
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-04287
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-04288
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-04289
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-04290
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-04291
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-04292
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-04293
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-04294
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-04295
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05856
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05857
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05858
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05859
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05860
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05861
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05862
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05863
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05864
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05865
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05866
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05867
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05868
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05869
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05870
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05871
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05872
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05873
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05874
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05875
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05876
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05877
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05878
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05879
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05880
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05881
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05882
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05883
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05884
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05885
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05886
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07218
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07220
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07222
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07224
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07226
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07228
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07231
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2022-04623
Уязвимость функции clntudp_call (sunrpc/clnt_udp.c) в библиотеке GNU C (glibc или libc6), связанная с записью за границами буфера в памяти, позволяющая нарушителю вводить и выполнять произвольные команды или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2014-4043
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
- openSUSE-SU-2015:1387
- openSUSE-SU-2015:1387
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- MDVSA-2014:152
- MDVSA-2014:152
- 68006
- 68006
- https://bugzilla.redhat.com/show_bug.cgi?id=1109263
- https://bugzilla.redhat.com/show_bug.cgi?id=1109263
- gnuclibrary-cve20144043-code-exec(93784)
- gnuclibrary-cve20144043-code-exec(93784)
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- GLSA-201503-04
- GLSA-201503-04
- https://sourceware.org/bugzilla/show_bug.cgi?id=17048
- https://sourceware.org/bugzilla/show_bug.cgi?id=17048
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=blobdiff%3Bf=ChangeLog%3Bh=3020b9ac232315df362521aeaf85f21cb9926db8%3Bhp=d86e73963dd9fb5e21b1a28326630337226812aa%3Bhb=89e435f3559c53084498e9baad22172b64429362%3Bhpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=blobdiff%3Bf=ChangeLog%3Bh=3020b9ac232315df362521aeaf85f21cb9926db8%3Bhp=d86e73963dd9fb5e21b1a28326630337226812aa%3Bhb=89e435f3559c53084498e9baad22172b64429362%3Bhpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=blobdiff%3Bf=posix/spawn_faction_addopen.c%3Bh=40800b8e6e81341501c0fb8a91009529e2048dec%3Bhp=47f62425b696a4fdd511b2a057746322eb6518db%3Bhb=89e435f3559c53084498e9baad22172b64429362%3Bhpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=blobdiff%3Bf=posix/spawn_faction_addopen.c%3Bh=40800b8e6e81341501c0fb8a91009529e2048dec%3Bhp=47f62425b696a4fdd511b2a057746322eb6518db%3Bhb=89e435f3559c53084498e9baad22172b64429362%3Bhpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=89e435f3559c53084498e9baad22172b64429362
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=89e435f3559c53084498e9baad22172b64429362
Modified: 2024-11-21
CVE-2014-5119
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
- http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
- http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- SUSE-SU-2014:1125
- SUSE-SU-2014:1125
- RHSA-2014:1118
- RHSA-2014:1118
- 20140826 CVE-2014-5119 glibc __gconv_translit_find() exploit
- 20140826 CVE-2014-5119 glibc __gconv_translit_find() exploit
- 60345
- 60345
- 60358
- 60358
- 60441
- 60441
- 61074
- 61074
- 61093
- 61093
- 20140910 Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability
- 20140910 Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability
- DSA-3012
- DSA-3012
- MDVSA-2014:175
- MDVSA-2014:175
- [oss-security] 20170713 glibc locale issues
- [oss-security] 20170713 glibc locale issues
- [oss-security] 20170713 Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: Re: glibc locale issues)
- [oss-security] 20170713 Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: Re: glibc locale issues)
- 68983
- 68983
- 69738
- 69738
- http://www-01.ibm.com/support/docview.wss?uid=swg21685604
- http://www-01.ibm.com/support/docview.wss?uid=swg21685604
- https://code.google.com/p/google-security-research/issues/detail?id=96
- https://code.google.com/p/google-security-research/issues/detail?id=96
- RHSA-2014:1110
- RHSA-2014:1110
- GLSA-201602-02
- GLSA-201602-02
- https://sourceware.org/bugzilla/show_bug.cgi?id=17187
- https://sourceware.org/bugzilla/show_bug.cgi?id=17187
Modified: 2024-11-21
CVE-2014-9402
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.
- openSUSE-SU-2015:0351
- openSUSE-SU-2015:0351
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- [oss-security] 20141217 Re: CVE request: glibc
- [oss-security] 20141217 Re: CVE request: glibc
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- 71670
- 71670
- USN-2519-1
- USN-2519-1
- RHSA-2018:0805
- RHSA-2018:0805
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- GLSA-201602-02
- GLSA-201602-02
- https://sourceware.org/bugzilla/show_bug.cgi?id=17630
- https://sourceware.org/bugzilla/show_bug.cgi?id=17630
Modified: 2024-11-21
CVE-2014-9761
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
- FEDORA-2016-68abc0be35
- FEDORA-2016-68abc0be35
- SUSE-SU-2016:0470
- SUSE-SU-2016:0470
- SUSE-SU-2016:0471
- SUSE-SU-2016:0471
- SUSE-SU-2016:0472
- SUSE-SU-2016:0472
- SUSE-SU-2016:0473
- SUSE-SU-2016:0473
- openSUSE-SU-2016:0510
- openSUSE-SU-2016:0510
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- RHSA-2017:0680
- RHSA-2017:0680
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- [oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23
- [oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23
- [oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23
- [oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23
- 83306
- 83306
- USN-2985-1
- USN-2985-1
- USN-2985-2
- USN-2985-2
- RHSA-2017:1916
- RHSA-2017:1916
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- GLSA-201702-11
- GLSA-201702-11
- https://sourceware.org/bugzilla/show_bug.cgi?id=16962
- https://sourceware.org/bugzilla/show_bug.cgi?id=16962
- [libc-alpha] 20160219 The GNU C Library version 2.23 is now available
- [libc-alpha] 20160219 The GNU C Library version 2.23 is now available
Modified: 2024-11-21
CVE-2015-8778
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
- FEDORA-2016-68abc0be35
- FEDORA-2016-68abc0be35
- SUSE-SU-2016:0470
- SUSE-SU-2016:0470
- SUSE-SU-2016:0471
- SUSE-SU-2016:0471
- SUSE-SU-2016:0472
- SUSE-SU-2016:0472
- SUSE-SU-2016:0473
- SUSE-SU-2016:0473
- openSUSE-SU-2016:0510
- openSUSE-SU-2016:0510
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- RHSA-2017:0680
- RHSA-2017:0680
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- DSA-3480
- DSA-3480
- DSA-3481
- DSA-3481
- [oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23
- [oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23
- [oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23
- [oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23
- 83275
- 83275
- USN-2985-1
- USN-2985-1
- USN-2985-2
- USN-2985-2
- RHSA-2017:1916
- RHSA-2017:1916
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- GLSA-201602-02
- GLSA-201602-02
- GLSA-201702-11
- GLSA-201702-11
- https://sourceware.org/bugzilla/show_bug.cgi?id=18240
- https://sourceware.org/bugzilla/show_bug.cgi?id=18240
- [libc-alpha] 20160219 The GNU C Library version 2.23 is now available
- [libc-alpha] 20160219 The GNU C Library version 2.23 is now available
Modified: 2024-11-21
CVE-2016-4429
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
- openSUSE-SU-2016:1527
- openSUSE-SU-2016:1527
- openSUSE-SU-2016:1779
- openSUSE-SU-2016:1779
- 102073
- 102073
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- [debian-lts-announce] 20200628 [SECURITY] [DLA 2256-1] libtirpc security update
- [debian-lts-announce] 20200628 [SECURITY] [DLA 2256-1] libtirpc security update
- https://source.android.com/security/bulletin/2017-12-01
- https://source.android.com/security/bulletin/2017-12-01
- https://sourceware.org/bugzilla/show_bug.cgi?id=20112
- https://sourceware.org/bugzilla/show_bug.cgi?id=20112
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bc779a1a5b3035133024b21e2f339fe4219fb11c
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bc779a1a5b3035133024b21e2f339fe4219fb11c
- USN-3759-1
- USN-3759-1
- USN-3759-2
- USN-3759-2
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
Closed vulnerabilities
BDU:2019-01635
Уязвимость генератора псевдослучайных чисел библиотеки криптографии Libgcrypt, связанная с раскрытием информации, позволяющая нарушителю прогнозировать выходные данные
Modified: 2024-11-21
CVE-2016-6313
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
- RHSA-2016:2674
- RHSA-2016:2674
- DSA-3649
- DSA-3649
- DSA-3650
- DSA-3650
- 92527
- 92527
- 1036635
- 1036635
- USN-3064-1
- USN-3064-1
- USN-3065-1
- USN-3065-1
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
- [gnupg-announce] 20160817 [Announce] Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316]
- [gnupg-announce] 20160817 [Announce] Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316]
- GLSA-201610-04
- GLSA-201610-04
- GLSA-201612-01
- GLSA-201612-01
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-8948
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041
- openSUSE-SU-2016:1924
- openSUSE-SU-2016:1924
- openSUSE-SU-2016:2135
- openSUSE-SU-2016:2135
- DSA-3658
- DSA-3658
- [oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33
- [oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33
- [oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33
- [oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33
- 92070
- 92070
- USN-3068-1
- USN-3068-1
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [help-libidn] 20160720 Libidn 1.33 released
- [help-libidn] 20160720 Libidn 1.33 released
Modified: 2024-11-21
CVE-2016-6261
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d
- openSUSE-SU-2016:2135
- openSUSE-SU-2016:2135
- DSA-3658
- DSA-3658
- [oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33
- [oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33
- [oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33
- [oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33
- 92070
- 92070
- USN-3068-1
- USN-3068-1
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [help-libidn] 20150709 out of bounds stack read in function idna_to_ascii_4i
- [help-libidn] 20150709 out of bounds stack read in function idna_to_ascii_4i
- [help-libidn] 20160720 Libidn 1.33 released
- [help-libidn] 20160720 Libidn 1.33 released
Modified: 2024-11-21
CVE-2016-6262
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60
- openSUSE-SU-2016:1924
- openSUSE-SU-2016:1924
- openSUSE-SU-2016:2135
- openSUSE-SU-2016:2135
- [oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33
- [oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33
- [oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33
- [oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33
- 92070
- 92070
- USN-3068-1
- USN-3068-1
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [help-libidn] 20160720 Libidn 1.33 released
- [help-libidn] 20160720 Libidn 1.33 released
Modified: 2024-11-21
CVE-2016-6263
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555
- openSUSE-SU-2016:1924
- openSUSE-SU-2016:1924
- openSUSE-SU-2016:2135
- openSUSE-SU-2016:2135
- DSA-3658
- DSA-3658
- [oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33
- [oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33
- [oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33
- [oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33
- 92070
- 92070
- USN-3068-1
- USN-3068-1
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [help-libidn] 20160720 Libidn 1.33 released
- [help-libidn] 20160720 Libidn 1.33 released
- GLSA-201908-06
- GLSA-201908-06
Closed vulnerabilities
BDU:2019-03749
Уязвимость функции safer_name_suffix архиватора GNU Tar, позволяющая нарушителю обойти предполагаемый механизм защиты и произвести запись в произвольные файлы
Modified: 2024-11-21
CVE-2016-6321
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
- http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
- http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
- [bug-tar] 20161029 Re: [Bug-tar] possible fixes for CVE-2016-6321
- [bug-tar] 20161029 Re: [Bug-tar] possible fixes for CVE-2016-6321
- http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
- http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
- 20161030 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update
- 20161030 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update
- 20161026 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)
- 20161026 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)
- DSA-3702
- DSA-3702
- 93937
- 93937
- USN-3132-1
- USN-3132-1
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- GLSA-201611-19
- GLSA-201611-19
- https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
- https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-9401
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
- RHSA-2017:0725
- RHSA-2017:0725
- [oss-security] 20161117 bash - popd controlled free
- [oss-security] 20161117 bash - popd controlled free
- [oss-security] 20161117 Re: bash - popd controlled free
- [oss-security] 20161117 Re: bash - popd controlled free
- 94398
- 94398
- RHSA-2017:1931
- RHSA-2017:1931
- [debian-lts-announce] 20190325 [SECURITY] [DLA 1726-1] bash security update
- [debian-lts-announce] 20190325 [SECURITY] [DLA 1726-1] bash security update
- GLSA-201701-02
- GLSA-201701-02
Closed vulnerabilities
BDU:2015-10226
Уязвимость интерпретатора PHP, позволяющая удалённому нарушителю вызвать отказ в обслуживании или оказать иное воздействие на систему
Modified: 2024-11-21
CVE-2014-9653
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
- http://bugs.gw.com/view.php?id=409
- http://bugs.gw.com/view.php?id=409
- HPSBMU03380
- HPSBMU03380
- HPSBMU03409
- HPSBMU03409
- [file] 20141216 [PATCH] readelf.c: better checks for values returned by pread
- [file] 20141216 [PATCH] readelf.c: better checks for values returned by pread
- [oss-security] 20150205 Re: CVE Request: PHP/file: out-of-bounds memory access in softmagic
- [oss-security] 20150205 Re: CVE Request: PHP/file: out-of-bounds memory access in softmagic
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-5.php
- RHSA-2016:0760
- RHSA-2016:0760
- DSA-3196
- DSA-3196
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 72516
- 72516
- https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
- https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
- GLSA-201701-42
- GLSA-201701-42
- USN-3686-1
- USN-3686-1
Closed vulnerabilities
BDU:2021-01720
Уязвимость функции bzip2recover программного обеспечения для сжатия данных Bzip2, связанная с использованием после освобождения, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2016-3189
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
- http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
- http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
- http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
- [oss-security] 20160620 CVE-2016-3189: bzip2 use-after-free on bzip2recover
- [oss-security] 20160620 CVE-2016-3189: bzip2 use-after-free on bzip2recover
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- 91297
- 91297
- 1036132
- 1036132
- https://bugzilla.redhat.com/show_bug.cgi?id=1319648
- https://bugzilla.redhat.com/show_bug.cgi?id=1319648
- [kafka-jira] 20200414 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-jira] 20200414 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-dev] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-dev] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-jira] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-jira] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-jira] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-jira] 20210729 [jira] [Resolved] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-jira] 20200413 [jira] [Updated] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-jira] 20200413 [jira] [Updated] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka
- [kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka
- [kafka-dev] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-dev] 20200413 [jira] [Created] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-jira] 20210729 [jira] [Comment Edited] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [kafka-jira] 20210729 [jira] [Comment Edited] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
- [debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update
- [debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update
- 20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2
- 20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2
- 20190715 [slackware-security] bzip2 (SSA:2019-195-01)
- 20190715 [slackware-security] bzip2 (SSA:2019-195-01)
- FreeBSD-SA-19:18
- FreeBSD-SA-19:18
- GLSA-201708-08
- GLSA-201708-08
- USN-4038-1
- USN-4038-1
- USN-4038-2
- USN-4038-2
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html