2017-03-15
ALT-BU-2017-2989-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2017-03-14
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2017-5985
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
Severity: LOW (2.1)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Severity: LOW (3.3)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
References:
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
- http://www.openwall.com/lists/oss-security/2017/03/09/4
- http://www.securityfocus.com/bid/96777
- http://www.ubuntu.com/usn/USN-3224-1
- https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676
- https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9
- https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
- http://www.openwall.com/lists/oss-security/2017/03/09/4
- http://www.securityfocus.com/bid/96777
- http://www.ubuntu.com/usn/USN-3224-1
- https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676
- https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9
- https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html
Closed vulnerabilities
Published: 2017-02-27
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2017-6349
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://www.securityfocus.com/bid/96451
- http://www.securitytracker.com/id/1037949
- https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c
- https://groups.google.com/forum/#%21topic/vim_dev/LAgsTcdSfNA
- https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y
- https://security.gentoo.org/glsa/201706-26
- https://usn.ubuntu.com/4309-1/
- http://www.securityfocus.com/bid/96451
- http://www.securitytracker.com/id/1037949
- https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c
- https://groups.google.com/forum/#%21topic/vim_dev/LAgsTcdSfNA
- https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y
- https://security.gentoo.org/glsa/201706-26
- https://usn.ubuntu.com/4309-1/
Published: 2017-02-27
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2017-6350
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://www.securityfocus.com/bid/96448
- http://www.securitytracker.com/id/1037949
- https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75
- https://groups.google.com/forum/#%21topic/vim_dev/L_dOHOOiQ5Q
- https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y
- https://security.gentoo.org/glsa/201706-26
- https://usn.ubuntu.com/4309-1/
- http://www.securityfocus.com/bid/96448
- http://www.securitytracker.com/id/1037949
- https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75
- https://groups.google.com/forum/#%21topic/vim_dev/L_dOHOOiQ5Q
- https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y
- https://security.gentoo.org/glsa/201706-26
- https://usn.ubuntu.com/4309-1/