ALT-BU-2017-2987-2

Branch sisyphus update bulletin.

Package pandoc updated to version 1.11.1-alt2 for branch sisyphus in task 179451.

Чудовищный список зависимостей

Package pidgin updated to version 2.12.0-alt1 for branch sisyphus in task 179454.

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.8)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package radvd updated to version 2.16-alt2 for branch sisyphus in task 179487.

radvd не стартует через systemclt start

Package lxc updated to version 2.0.7-alt2 for branch sisyphus in task 179481.

lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.

Severity: LOW (2.1)Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Severity: LOW (3.3)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References:

Version: 2.1.2

Branch sisyphus update on 2017-03-14

ALT-BU-2017-2987-2

ALT-PU-2017-1274-1

Closed bugs

Bug #31654

ALT-PU-2017-1275-1

Closed vulnerabilities

CVE-2017-2640

ALT-PU-2017-1276-1

Closed bugs

Bug #33228

ALT-PU-2017-1278-1

Closed vulnerabilities

CVE-2017-5985