ALT-BU-2017-2991-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-8652
The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows remote attackers to cause a denial of service (crash) by aborting authentication without setting a username.
- [dovecot-news] 20161203 v2.2.27 released
- [oss-security] 20161202 Important vulnerability in Dovecot (CVE-2016-8652)
- [oss-security] 20161205 Re: Important vulnerability in Dovecot (CVE-2016-8652)
- 94639
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-10188
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.
- DSA-3853
- [oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee
- [oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee
- 95935
- https://bugs.bitlbee.org/ticket/1281
Modified: 2024-11-21
CVE-2016-10189
BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.
- DSA-3853
- [oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee
- [oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee
- 95931
- https://bugs.bitlbee.org/ticket/1282
- https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f
Modified: 2024-11-21
CVE-2017-5668
bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189.
- [oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee
- [oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee
- 95932
- https://bugs.bitlbee.org/ticket/1282
- https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441
Package python3-module-slixmpp updated to version 1.2.4-alt1 for branch sisyphus in task 179566.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-5591
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products.
- http://openwall.com/lists/oss-security/2017/02/09/29
- 96166
- https://github.com/poezio/slixmpp/commit/22664ee7b86c8e010f312b66d12590fb47160ad8
- https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/
- https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf
Closed vulnerabilities
BDU:2021-00048
Vulnerability in the Network Security Services (NSS) of the Firefox and Firefox ESR browsers and the Thunderbird mail client that allows an attacker to affect data integrity
Modified: 2024-11-21
CVE-2016-9574
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
Modified: 2024-11-21
CVE-2017-5462
A flaw exists in DRBG number generation within the Network Security Services (NSS) library, where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue, and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
- 97940
- 1038320
- https://bugzilla.mozilla.org/show_bug.cgi?id=1345089
- GLSA-201705-04
- DSA-3831
- DSA-3872
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-13/
Closed bugs
Raster vectorization is missing