Branch sisyphus update bulletin.

Package lxc updated to version 2.0.7-alt2 for branch sisyphus in task 179481.

Published: 2017-03-14
Modified: 2024-11-21

CVE-2017-5985

lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.

Severity: LOW (3.3) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References:

Package vim updated to version 8.0.381-alt1 for branch sisyphus in task 179533.

Published: 2017-02-27
Modified: 2024-11-21

CVE-2017-6349

An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-02-27
Modified: 2024-11-21

CVE-2017-6350

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.0

Branch sisyphus update on 2017-03-15

ALT-BU-2017-2989-1

ALT-PU-2017-1278-1

Closed vulnerabilities

CVE-2017-5985

ALT-PU-2017-1281-1

Closed vulnerabilities

CVE-2017-6349

CVE-2017-6350