2017-02-18
ALT-BU-2017-2939-1
Branch c6 update bulletin.
Package kernel-image-el-smp updated to version 2.6.32-alt45.M60C.3 for branch c6 in task 171433.
Closed vulnerabilities
Published: 2017-04-06
Modified: 2025-02-06
Modified: 2025-02-06
BDU:2017-00758
Уязвимость компонента mm/gup.c операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Severity: HIGH (7.0)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.2)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2016-11-10
Modified: 2025-11-04
Modified: 2025-11-04
CVE-2016-5195
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
Severity: HIGH (7.2)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (7.0)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://fortiguard.com/advisory/FG-IR-16-063
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00049.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00051.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00054.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00055.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00056.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00063.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00065.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00066.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00100.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
- http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html
- http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html
- http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
- http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
- http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html
- http://rhn.redhat.com/errata/RHSA-2016-2098.html
- http://rhn.redhat.com/errata/RHSA-2016-2105.html
- http://rhn.redhat.com/errata/RHSA-2016-2106.html
- http://rhn.redhat.com/errata/RHSA-2016-2107.html
- http://rhn.redhat.com/errata/RHSA-2016-2110.html
- http://rhn.redhat.com/errata/RHSA-2016-2118.html
- http://rhn.redhat.com/errata/RHSA-2016-2120.html
- http://rhn.redhat.com/errata/RHSA-2016-2124.html
- http://rhn.redhat.com/errata/RHSA-2016-2126.html
- http://rhn.redhat.com/errata/RHSA-2016-2127.html
- http://rhn.redhat.com/errata/RHSA-2016-2128.html
- http://rhn.redhat.com/errata/RHSA-2016-2132.html
- http://rhn.redhat.com/errata/RHSA-2016-2133.html
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux
- http://www.debian.org/security/2016/dsa-3696
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3
- http://www.openwall.com/lists/oss-security/2016/10/21/1
- http://www.openwall.com/lists/oss-security/2016/10/26/7
- http://www.openwall.com/lists/oss-security/2016/10/27/13
- http://www.openwall.com/lists/oss-security/2016/10/30/1
- http://www.openwall.com/lists/oss-security/2016/11/03/7
- http://www.openwall.com/lists/oss-security/2022/03/07/1
- http://www.openwall.com/lists/oss-security/2022/08/08/1
- http://www.openwall.com/lists/oss-security/2022/08/08/2
- http://www.openwall.com/lists/oss-security/2022/08/08/7
- http://www.openwall.com/lists/oss-security/2022/08/08/8
- http://www.openwall.com/lists/oss-security/2022/08/09/4
- http://www.openwall.com/lists/oss-security/2022/08/15/1
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.securityfocus.com/archive/1/539611/100/0/threaded
- http://www.securityfocus.com/archive/1/540252/100/0/threaded
- http://www.securityfocus.com/archive/1/540344/100/0/threaded
- http://www.securityfocus.com/archive/1/540736/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/539611/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/540252/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/540344/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/540736/100/0/threaded
- http://www.securityfocus.com/bid/93793
- http://www.securitytracker.com/id/1037078
- http://www.ubuntu.com/usn/USN-3104-1
- http://www.ubuntu.com/usn/USN-3104-2
- http://www.ubuntu.com/usn/USN-3105-1
- http://www.ubuntu.com/usn/USN-3105-2
- http://www.ubuntu.com/usn/USN-3106-1
- http://www.ubuntu.com/usn/USN-3106-2
- http://www.ubuntu.com/usn/USN-3106-3
- http://www.ubuntu.com/usn/USN-3106-4
- http://www.ubuntu.com/usn/USN-3107-1
- http://www.ubuntu.com/usn/USN-3107-2
- https://access.redhat.com/errata/RHSA-2017:0372
- https://access.redhat.com/security/cve/cve-2016-5195
- https://access.redhat.com/security/vulnerabilities/2706661
- https://bto.bluecoat.com/security-advisory/sa134
- https://bugzilla.redhat.com/show_bug.cgi?id=1384344
- https://bugzilla.suse.com/show_bug.cgi?id=1004418
- https://dirtycow.ninja
- https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
- https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
- https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05352241
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03722en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03742en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03761en_us
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://kc.mcafee.com/corporate/index?page=content&id=SB10176
- https://kc.mcafee.com/corporate/index?page=content&id=SB10177
- https://kc.mcafee.com/corporate/index?page=content&id=SB10222
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7M62SRP6CZLJ4ZXCRZKV4WPLQBSR7DT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWMDLBWMGZKFHMRJ7QUQVCERP5QHDB6W/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3APRVDVPDBXLH4DC5UKZVCR742MJIM3/
- https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html
- https://security-tracker.debian.org/tracker/CVE-2016-5195
- https://security.netapp.com/advisory/ntap-20161025-0001/
- https://security.paloaltonetworks.com/CVE-2016-5195
- https://source.android.com/security/bulletin/2016-11-01.html
- https://source.android.com/security/bulletin/2016-12-01.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd
- https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026
- https://www.exploit-db.com/exploits/40611/
- https://www.exploit-db.com/exploits/40616/
- https://www.exploit-db.com/exploits/40839/
- https://www.exploit-db.com/exploits/40847/
- https://www.kb.cert.org/vuls/id/243144
- http://fortiguard.com/advisory/FG-IR-16-063
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00049.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00051.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00054.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00055.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00056.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00063.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00065.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00066.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00100.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
- http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html
- http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html
- http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
- http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
- http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html
- http://rhn.redhat.com/errata/RHSA-2016-2098.html
- http://rhn.redhat.com/errata/RHSA-2016-2105.html
- http://rhn.redhat.com/errata/RHSA-2016-2106.html
- http://rhn.redhat.com/errata/RHSA-2016-2107.html
- http://rhn.redhat.com/errata/RHSA-2016-2110.html
- http://rhn.redhat.com/errata/RHSA-2016-2118.html
- http://rhn.redhat.com/errata/RHSA-2016-2120.html
- http://rhn.redhat.com/errata/RHSA-2016-2124.html
- http://rhn.redhat.com/errata/RHSA-2016-2126.html
- http://rhn.redhat.com/errata/RHSA-2016-2127.html
- http://rhn.redhat.com/errata/RHSA-2016-2128.html
- http://rhn.redhat.com/errata/RHSA-2016-2132.html
- http://rhn.redhat.com/errata/RHSA-2016-2133.html
- http://seclists.org/fulldisclosure/2024/Aug/35
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux
- http://www.debian.org/security/2016/dsa-3696
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3
- http://www.openwall.com/lists/oss-security/2016/10/21/1
- http://www.openwall.com/lists/oss-security/2016/10/26/7
- http://www.openwall.com/lists/oss-security/2016/10/27/13
- http://www.openwall.com/lists/oss-security/2016/10/30/1
- http://www.openwall.com/lists/oss-security/2016/11/03/7
- http://www.openwall.com/lists/oss-security/2022/03/07/1
- http://www.openwall.com/lists/oss-security/2022/08/08/1
- http://www.openwall.com/lists/oss-security/2022/08/08/2
- http://www.openwall.com/lists/oss-security/2022/08/08/7
- http://www.openwall.com/lists/oss-security/2022/08/08/8
- http://www.openwall.com/lists/oss-security/2022/08/09/4
- http://www.openwall.com/lists/oss-security/2022/08/15/1
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.securityfocus.com/archive/1/539611/100/0/threaded
- http://www.securityfocus.com/archive/1/540252/100/0/threaded
- http://www.securityfocus.com/archive/1/540344/100/0/threaded
- http://www.securityfocus.com/archive/1/540736/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/539611/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/540252/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/540344/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/540736/100/0/threaded
- http://www.securityfocus.com/bid/93793
- http://www.securitytracker.com/id/1037078
- http://www.ubuntu.com/usn/USN-3104-1
- http://www.ubuntu.com/usn/USN-3104-2
- http://www.ubuntu.com/usn/USN-3105-1
- http://www.ubuntu.com/usn/USN-3105-2
- http://www.ubuntu.com/usn/USN-3106-1
- http://www.ubuntu.com/usn/USN-3106-2
- http://www.ubuntu.com/usn/USN-3106-3
- http://www.ubuntu.com/usn/USN-3106-4
- http://www.ubuntu.com/usn/USN-3107-1
- http://www.ubuntu.com/usn/USN-3107-2
- https://access.redhat.com/errata/RHSA-2017:0372
- https://access.redhat.com/security/cve/cve-2016-5195
- https://access.redhat.com/security/vulnerabilities/2706661
- https://bto.bluecoat.com/security-advisory/sa134
- https://bugzilla.redhat.com/show_bug.cgi?id=1384344
- https://bugzilla.suse.com/show_bug.cgi?id=1004418
- https://dirtycow.ninja
- https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
- https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
- https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05352241
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03722en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03742en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03761en_us
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://kc.mcafee.com/corporate/index?page=content&id=SB10176
- https://kc.mcafee.com/corporate/index?page=content&id=SB10177
- https://kc.mcafee.com/corporate/index?page=content&id=SB10222
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7M62SRP6CZLJ4ZXCRZKV4WPLQBSR7DT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWMDLBWMGZKFHMRJ7QUQVCERP5QHDB6W/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3APRVDVPDBXLH4DC5UKZVCR742MJIM3/
- https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html
- https://security-tracker.debian.org/tracker/CVE-2016-5195
- https://security.netapp.com/advisory/ntap-20161025-0001/
- https://security.paloaltonetworks.com/CVE-2016-5195
- https://source.android.com/security/bulletin/2016-11-01.html
- https://source.android.com/security/bulletin/2016-12-01.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd
- https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026
- https://www.exploit-db.com/exploits/40611/
- https://www.exploit-db.com/exploits/40616/
- https://www.exploit-db.com/exploits/40839/
- https://www.exploit-db.com/exploits/40847/
- https://www.kb.cert.org/vuls/id/243144
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-5195
Closed vulnerabilities
Published: 2015-04-28
Modified: 2024-07-05
Modified: 2024-07-05
BDU:2015-04284
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-04285
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-04286
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-04287
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-04288
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-04289
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-04290
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-04291
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-04292
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-04293
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-04294
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-04295
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2024-07-05
Modified: 2024-07-05
BDU:2015-05856
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05857
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05858
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05859
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05860
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05861
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05862
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05863
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05864
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05865
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05866
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05867
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05868
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05869
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05870
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05871
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05872
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05873
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05874
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05875
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05876
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05877
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05878
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05879
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05880
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05881
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05882
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05883
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05884
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05885
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-05886
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-07218
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-07220
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-07222
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-07224
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-07226
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-07228
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-07231
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2022-07-26
Modified: 2023-11-21
Modified: 2023-11-21
BDU:2022-04623
Уязвимость функции clntudp_call (sunrpc/clnt_udp.c) в библиотеке GNU C (glibc или libc6), связанная с записью за границами буфера в памяти, позволяющая нарушителю вводить и выполнять произвольные команды или вызвать отказ в обслуживании
Severity: MEDIUM (5.9)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM (5.4)
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C
References:
Published: 2014-10-06
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2014-4043
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://seclists.org/fulldisclosure/2019/Jun/18
- http://seclists.org/fulldisclosure/2019/Sep/7
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:152
- http://www.securityfocus.com/bid/68006
- https://bugzilla.redhat.com/show_bug.cgi?id=1109263
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93784
- https://seclists.org/bugtraq/2019/Jun/14
- https://seclists.org/bugtraq/2019/Sep/7
- https://security.gentoo.org/glsa/201503-04
- https://sourceware.org/bugzilla/show_bug.cgi?id=17048
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=blobdiff%3Bf=ChangeLog%3Bh=3020b9ac232315df362521aeaf85f21cb9926db8%3Bhp=d86e73963dd9fb5e21b1a28326630337226812aa%3Bhb=89e435f3559c53084498e9baad22172b64429362%3Bhpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=blobdiff%3Bf=posix/spawn_faction_addopen.c%3Bh=40800b8e6e81341501c0fb8a91009529e2048dec%3Bhp=47f62425b696a4fdd511b2a057746322eb6518db%3Bhb=89e435f3559c53084498e9baad22172b64429362%3Bhpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=89e435f3559c53084498e9baad22172b64429362
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://seclists.org/fulldisclosure/2019/Jun/18
- http://seclists.org/fulldisclosure/2019/Sep/7
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:152
- http://www.securityfocus.com/bid/68006
- https://bugzilla.redhat.com/show_bug.cgi?id=1109263
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93784
- https://seclists.org/bugtraq/2019/Jun/14
- https://seclists.org/bugtraq/2019/Sep/7
- https://security.gentoo.org/glsa/201503-04
- https://sourceware.org/bugzilla/show_bug.cgi?id=17048
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=blobdiff%3Bf=ChangeLog%3Bh=3020b9ac232315df362521aeaf85f21cb9926db8%3Bhp=d86e73963dd9fb5e21b1a28326630337226812aa%3Bhb=89e435f3559c53084498e9baad22172b64429362%3Bhpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=blobdiff%3Bf=posix/spawn_faction_addopen.c%3Bh=40800b8e6e81341501c0fb8a91009529e2048dec%3Bhp=47f62425b696a4fdd511b2a057746322eb6518db%3Bhb=89e435f3559c53084498e9baad22172b64429362%3Bhpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=89e435f3559c53084498e9baad22172b64429362
Published: 2014-08-29
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2014-5119
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
- http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html
- http://rhn.redhat.com/errata/RHSA-2014-1118.html
- http://seclists.org/fulldisclosure/2014/Aug/69
- http://secunia.com/advisories/60345
- http://secunia.com/advisories/60358
- http://secunia.com/advisories/60441
- http://secunia.com/advisories/61074
- http://secunia.com/advisories/61093
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119
- http://www-01.ibm.com/support/docview.wss?uid=swg21685604
- http://www.debian.org/security/2014/dsa-3012
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:175
- http://www.openwall.com/lists/oss-security/2014/07/14/1
- http://www.openwall.com/lists/oss-security/2014/08/13/5
- http://www.securityfocus.com/bid/68983
- http://www.securityfocus.com/bid/69738
- https://code.google.com/p/google-security-research/issues/detail?id=96
- https://rhn.redhat.com/errata/RHSA-2014-1110.html
- https://security.gentoo.org/glsa/201602-02
- https://sourceware.org/bugzilla/show_bug.cgi?id=17187
- http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html
- http://rhn.redhat.com/errata/RHSA-2014-1118.html
- http://seclists.org/fulldisclosure/2014/Aug/69
- http://secunia.com/advisories/60345
- http://secunia.com/advisories/60358
- http://secunia.com/advisories/60441
- http://secunia.com/advisories/61074
- http://secunia.com/advisories/61093
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119
- http://www-01.ibm.com/support/docview.wss?uid=swg21685604
- http://www.debian.org/security/2014/dsa-3012
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:175
- http://www.openwall.com/lists/oss-security/2014/07/14/1
- http://www.openwall.com/lists/oss-security/2014/08/13/5
- http://www.securityfocus.com/bid/68983
- http://www.securityfocus.com/bid/69738
- https://code.google.com/p/google-security-research/issues/detail?id=96
- https://rhn.redhat.com/errata/RHSA-2014-1110.html
- https://security.gentoo.org/glsa/201602-02
- https://sourceware.org/bugzilla/show_bug.cgi?id=17187
Published: 2015-02-24
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2014-9402
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.
Severity: HIGH (7.8)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://seclists.org/fulldisclosure/2019/Jun/18
- http://seclists.org/fulldisclosure/2019/Sep/7
- http://www.openwall.com/lists/oss-security/2014/12/18/1
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.securityfocus.com/bid/71670
- http://www.ubuntu.com/usn/USN-2519-1
- https://access.redhat.com/errata/RHSA-2018:0805
- https://seclists.org/bugtraq/2019/Jun/14
- https://seclists.org/bugtraq/2019/Sep/7
- https://security.gentoo.org/glsa/201602-02
- https://sourceware.org/bugzilla/show_bug.cgi?id=17630
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://seclists.org/fulldisclosure/2019/Jun/18
- http://seclists.org/fulldisclosure/2019/Sep/7
- http://www.openwall.com/lists/oss-security/2014/12/18/1
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.securityfocus.com/bid/71670
- http://www.ubuntu.com/usn/USN-2519-1
- https://access.redhat.com/errata/RHSA-2018:0805
- https://seclists.org/bugtraq/2019/Jun/14
- https://seclists.org/bugtraq/2019/Sep/7
- https://security.gentoo.org/glsa/201602-02
- https://sourceware.org/bugzilla/show_bug.cgi?id=17630
Published: 2016-04-19
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2014-9761
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://rhn.redhat.com/errata/RHSA-2017-0680.html
- http://seclists.org/fulldisclosure/2019/Jun/18
- http://seclists.org/fulldisclosure/2019/Sep/7
- http://www.openwall.com/lists/oss-security/2016/01/19/11
- http://www.openwall.com/lists/oss-security/2016/01/20/1
- http://www.securityfocus.com/bid/83306
- http://www.ubuntu.com/usn/USN-2985-1
- http://www.ubuntu.com/usn/USN-2985-2
- https://access.redhat.com/errata/RHSA-2017:1916
- https://seclists.org/bugtraq/2019/Jun/14
- https://seclists.org/bugtraq/2019/Sep/7
- https://security.gentoo.org/glsa/201702-11
- https://sourceware.org/bugzilla/show_bug.cgi?id=16962
- https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://rhn.redhat.com/errata/RHSA-2017-0680.html
- http://seclists.org/fulldisclosure/2019/Jun/18
- http://seclists.org/fulldisclosure/2019/Sep/7
- http://www.openwall.com/lists/oss-security/2016/01/19/11
- http://www.openwall.com/lists/oss-security/2016/01/20/1
- http://www.securityfocus.com/bid/83306
- http://www.ubuntu.com/usn/USN-2985-1
- http://www.ubuntu.com/usn/USN-2985-2
- https://access.redhat.com/errata/RHSA-2017:1916
- https://seclists.org/bugtraq/2019/Jun/14
- https://seclists.org/bugtraq/2019/Sep/7
- https://security.gentoo.org/glsa/201702-11
- https://sourceware.org/bugzilla/show_bug.cgi?id=16962
- https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html
Published: 2016-04-19
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2015-8778
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://rhn.redhat.com/errata/RHSA-2017-0680.html
- http://seclists.org/fulldisclosure/2019/Sep/7
- http://www.debian.org/security/2016/dsa-3480
- http://www.debian.org/security/2016/dsa-3481
- http://www.openwall.com/lists/oss-security/2016/01/19/11
- http://www.openwall.com/lists/oss-security/2016/01/20/1
- http://www.securityfocus.com/bid/83275
- http://www.ubuntu.com/usn/USN-2985-1
- http://www.ubuntu.com/usn/USN-2985-2
- https://access.redhat.com/errata/RHSA-2017:1916
- https://seclists.org/bugtraq/2019/Sep/7
- https://security.gentoo.org/glsa/201602-02
- https://security.gentoo.org/glsa/201702-11
- https://sourceware.org/bugzilla/show_bug.cgi?id=18240
- https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://rhn.redhat.com/errata/RHSA-2017-0680.html
- http://seclists.org/fulldisclosure/2019/Sep/7
- http://www.debian.org/security/2016/dsa-3480
- http://www.debian.org/security/2016/dsa-3481
- http://www.openwall.com/lists/oss-security/2016/01/19/11
- http://www.openwall.com/lists/oss-security/2016/01/20/1
- http://www.securityfocus.com/bid/83275
- http://www.ubuntu.com/usn/USN-2985-1
- http://www.ubuntu.com/usn/USN-2985-2
- https://access.redhat.com/errata/RHSA-2017:1916
- https://seclists.org/bugtraq/2019/Sep/7
- https://security.gentoo.org/glsa/201602-02
- https://security.gentoo.org/glsa/201702-11
- https://sourceware.org/bugzilla/show_bug.cgi?id=18240
- https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html
Published: 2016-06-10
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-4429
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.9)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- http://www.securityfocus.com/bid/102073
- https://lists.debian.org/debian-lts-announce/2020/06/msg00027.html
- https://source.android.com/security/bulletin/2017-12-01
- https://sourceware.org/bugzilla/show_bug.cgi?id=20112
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bc779a1a5b3035133024b21e2f339fe4219fb11c
- https://usn.ubuntu.com/3759-1/
- https://usn.ubuntu.com/3759-2/
- https://www.oracle.com//security-alerts/cpujul2021.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- http://www.securityfocus.com/bid/102073
- https://lists.debian.org/debian-lts-announce/2020/06/msg00027.html
- https://source.android.com/security/bulletin/2017-12-01
- https://sourceware.org/bugzilla/show_bug.cgi?id=20112
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bc779a1a5b3035133024b21e2f339fe4219fb11c
- https://usn.ubuntu.com/3759-1/
- https://usn.ubuntu.com/3759-2/
- https://www.oracle.com//security-alerts/cpujul2021.html
Closed vulnerabilities
Published: 2019-04-25
Modified: 2021-03-23
Modified: 2021-03-23
BDU:2019-01635
Уязвимость генератора псевдослучайных чисел библиотеки криптографии Libgcrypt, связанная с раскрытием информации, позволяющая нарушителю прогнозировать выходные данные
Severity: MEDIUM (5.3)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
Published: 2016-12-13
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-6313
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Severity: MEDIUM (5.3)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
- http://rhn.redhat.com/errata/RHSA-2016-2674.html
- http://www.debian.org/security/2016/dsa-3649
- http://www.debian.org/security/2016/dsa-3650
- http://www.securityfocus.com/bid/92527
- http://www.securitytracker.com/id/1036635
- http://www.ubuntu.com/usn/USN-3064-1
- http://www.ubuntu.com/usn/USN-3065-1
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
- https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
- https://security.gentoo.org/glsa/201610-04
- https://security.gentoo.org/glsa/201612-01
- http://rhn.redhat.com/errata/RHSA-2016-2674.html
- http://www.debian.org/security/2016/dsa-3649
- http://www.debian.org/security/2016/dsa-3650
- http://www.securityfocus.com/bid/92527
- http://www.securitytracker.com/id/1036635
- http://www.ubuntu.com/usn/USN-3064-1
- http://www.ubuntu.com/usn/USN-3065-1
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
- https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
- https://security.gentoo.org/glsa/201610-04
- https://security.gentoo.org/glsa/201612-01
Closed vulnerabilities
Published: 2016-09-07
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2015-8948
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
- http://www.debian.org/security/2016/dsa-3658
- http://www.openwall.com/lists/oss-security/2016/07/20/6
- http://www.openwall.com/lists/oss-security/2016/07/21/4
- http://www.securityfocus.com/bid/92070
- http://www.ubuntu.com/usn/USN-3068-1
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
- http://www.debian.org/security/2016/dsa-3658
- http://www.openwall.com/lists/oss-security/2016/07/20/6
- http://www.openwall.com/lists/oss-security/2016/07/21/4
- http://www.securityfocus.com/bid/92070
- http://www.ubuntu.com/usn/USN-3068-1
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
Published: 2016-09-07
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-6261
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
- http://www.debian.org/security/2016/dsa-3658
- http://www.openwall.com/lists/oss-security/2016/07/20/6
- http://www.openwall.com/lists/oss-security/2016/07/21/4
- http://www.securityfocus.com/bid/92070
- http://www.ubuntu.com/usn/USN-3068-1
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html
- https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
- http://www.debian.org/security/2016/dsa-3658
- http://www.openwall.com/lists/oss-security/2016/07/20/6
- http://www.openwall.com/lists/oss-security/2016/07/21/4
- http://www.securityfocus.com/bid/92070
- http://www.ubuntu.com/usn/USN-3068-1
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html
- https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
Published: 2016-09-07
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-6262
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
- http://www.openwall.com/lists/oss-security/2016/07/20/6
- http://www.openwall.com/lists/oss-security/2016/07/21/4
- http://www.securityfocus.com/bid/92070
- http://www.ubuntu.com/usn/USN-3068-1
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
- http://www.openwall.com/lists/oss-security/2016/07/20/6
- http://www.openwall.com/lists/oss-security/2016/07/21/4
- http://www.securityfocus.com/bid/92070
- http://www.ubuntu.com/usn/USN-3068-1
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
Published: 2016-09-07
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-6263
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
- http://www.debian.org/security/2016/dsa-3658
- http://www.openwall.com/lists/oss-security/2016/07/20/6
- http://www.openwall.com/lists/oss-security/2016/07/21/4
- http://www.securityfocus.com/bid/92070
- http://www.ubuntu.com/usn/USN-3068-1
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
- https://security.gentoo.org/glsa/201908-06
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
- http://www.debian.org/security/2016/dsa-3658
- http://www.openwall.com/lists/oss-security/2016/07/20/6
- http://www.openwall.com/lists/oss-security/2016/07/21/4
- http://www.securityfocus.com/bid/92070
- http://www.ubuntu.com/usn/USN-3068-1
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
- https://security.gentoo.org/glsa/201908-06
Closed vulnerabilities
Published: 2019-10-29
Modified: 2024-11-28
Modified: 2024-11-28
BDU:2019-03749
Уязвимость функции safer_name_suffix архиватора GNU Tar, позволяющая нарушителю обойти предполагаемый механизм защиты и произвести запись в произвольные файлы
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH (7.8)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
References:
Published: 2016-12-09
Modified: 2025-08-06
Modified: 2025-08-06
CVE-2016-6321
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
- http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
- http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html
- http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
- http://seclists.org/fulldisclosure/2016/Oct/102
- http://seclists.org/fulldisclosure/2016/Oct/96
- http://www.debian.org/security/2016/dsa-3702
- http://www.securityfocus.com/bid/93937
- http://www.ubuntu.com/usn/USN-3132-1
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://security.gentoo.org/glsa/201611-19
- https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
- http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
- http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html
- http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
- http://seclists.org/fulldisclosure/2016/Oct/102
- http://seclists.org/fulldisclosure/2016/Oct/96
- http://www.debian.org/security/2016/dsa-3702
- http://www.securityfocus.com/bid/93937
- http://www.ubuntu.com/usn/USN-3132-1
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://security.gentoo.org/glsa/201611-19
- https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
Closed vulnerabilities
Published: 2017-01-23
Modified: 2025-08-06
Modified: 2025-08-06
CVE-2016-9401
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
Severity: LOW (2.1)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
- http://rhn.redhat.com/errata/RHSA-2017-0725.html
- http://www.openwall.com/lists/oss-security/2016/11/17/5
- http://www.openwall.com/lists/oss-security/2016/11/17/9
- http://www.securityfocus.com/bid/94398
- https://access.redhat.com/errata/RHSA-2017:1931
- https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html
- https://security.gentoo.org/glsa/201701-02
- http://rhn.redhat.com/errata/RHSA-2017-0725.html
- http://www.openwall.com/lists/oss-security/2016/11/17/5
- http://www.openwall.com/lists/oss-security/2016/11/17/9
- http://www.securityfocus.com/bid/94398
- https://access.redhat.com/errata/RHSA-2017:1931
- https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html
- https://security.gentoo.org/glsa/201701-02
Closed vulnerabilities
Published: 2016-07-06
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-10226
Уязвимость интерпретатора PHP, позволяющая удалённому нарушителю вызвать отказ в обслуживании или оказать иное воздействие на систему
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-03-30
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2014-9653
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
- http://bugs.gw.com/view.php?id=409
- http://marc.info/?l=bugtraq&m=143748090628601&w=2
- http://marc.info/?l=bugtraq&m=144050155601375&w=2
- http://mx.gw.com/pipermail/file/2014/001649.html
- http://openwall.com/lists/oss-security/2015/02/05/13
- http://php.net/ChangeLog-5.php
- http://rhn.redhat.com/errata/RHSA-2016-0760.html
- http://www.debian.org/security/2015/dsa-3196
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/72516
- https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
- https://security.gentoo.org/glsa/201701-42
- https://usn.ubuntu.com/3686-1/
- http://bugs.gw.com/view.php?id=409
- http://marc.info/?l=bugtraq&m=143748090628601&w=2
- http://marc.info/?l=bugtraq&m=144050155601375&w=2
- http://mx.gw.com/pipermail/file/2014/001649.html
- http://openwall.com/lists/oss-security/2015/02/05/13
- http://php.net/ChangeLog-5.php
- http://rhn.redhat.com/errata/RHSA-2016-0760.html
- http://www.debian.org/security/2015/dsa-3196
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/72516
- https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
- https://security.gentoo.org/glsa/201701-42
- https://usn.ubuntu.com/3686-1/
Closed vulnerabilities
Published: 2021-03-30
Modified: 2025-10-24
Modified: 2025-10-24
BDU:2021-01720
Уязвимость функции bzip2recover программного обеспечения для сжатия данных Bzip2, связанная с использованием после освобождения, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
References:
Published: 2016-06-30
Modified: 2025-06-09
Modified: 2025-06-09
CVE-2016-3189
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
- http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
- http://www.openwall.com/lists/oss-security/2016/06/20/1
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91297
- http://www.securitytracker.com/id/1036132
- https://bugzilla.redhat.com/show_bug.cgi?id=1319648
- https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E
- https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E
- https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E
- https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E
- https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E
- https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E
- https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E
- https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E
- https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E
- https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html
- https://seclists.org/bugtraq/2019/Aug/4
- https://seclists.org/bugtraq/2019/Jul/22
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc
- https://security.gentoo.org/glsa/201708-08
- https://usn.ubuntu.com/4038-1/
- https://usn.ubuntu.com/4038-2/
- https://www.oracle.com/security-alerts/cpuoct2020.html
- http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
- http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
- http://www.openwall.com/lists/oss-security/2016/06/20/1
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91297
- http://www.securitytracker.com/id/1036132
- https://bugzilla.redhat.com/show_bug.cgi?id=1319648
- https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E
- https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E
- https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E
- https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E
- https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E
- https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E
- https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E
- https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E
- https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E
- https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html
- https://seclists.org/bugtraq/2019/Aug/4
- https://seclists.org/bugtraq/2019/Jul/22
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc
- https://security.gentoo.org/glsa/201708-08
- https://usn.ubuntu.com/4038-1/
- https://usn.ubuntu.com/4038-2/
- https://www.oracle.com/security-alerts/cpuoct2020.html