ALT-BU-2017-3012-1
Branch sisyphus update bulletin.
Package 389-ds-base updated to version 1.3.6.3-alt1 for branch sisyphus in task 180454.
Closed bugs
Spurious insertion in agent_trap.h and snmp_agent.h
Package conntrack-tools updated to version 1.4.4-alt1.S1 for branch sisyphus in task 180906.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-6496
conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet.
- http://bugzilla.netfilter.org/show_bug.cgi?id=910
- FEDORA-2015-5eb2131441
- FEDORA-2015-1aee5e6f0b
- openSUSE-SU-2015:1688
- DSA-3341
- [oss-security] 20150814 CVE request: conntrackd denial of service with unusual network traffic
- [oss-security] 20150817 Re: CVE request: conntrackd denial of service with unusual network traffic
- https://git.netfilter.org/conntrack-tools/commit/?id=c392c159605956c7bd4a264ab4490e2b2704c0cd
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-9928
MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00130.html
- http://www.openwall.com/lists/oss-security/2016/12/11/2
- http://www.openwall.com/lists/oss-security/2017/02/09/29
- http://www.securityfocus.com/bid/94862
- https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258
- https://bugzilla.redhat.com/show_bug.cgi?id=1403790
- https://gultsch.de/gajim_roster_push_and_message_interception.html
- [debian-lts-announce] 20200628 [SECURITY] [DLA 2260-1] mcabber security update
- USN-4506-1
Modified: 2024-11-21
CVE-2017-5604
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 - 1.0.4.
- http://openwall.com/lists/oss-security/2017/02/09/29
- 96184
- https://mcabber.com/hg/rev/2a9569fd7644
- https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/
- https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf
Package kernel-image-un-def updated to version 4.10.6-alt1 for branch sisyphus in task 180883.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-7261
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.
- http://marc.info/?t=149037004200005&r=1&w=2
- 97096
- https://bugzilla.redhat.com/show_bug.cgi?id=1435719
- https://lists.freedesktop.org/archives/dri-devel/2017-March/136814.html
Package claws-mail updated to version 3.15.0-alt1 for branch sisyphus in task 180933.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-10735
In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
Package make-initrd updated to version 2.0.3-alt2 for branch sisyphus in task 180625.
Closed bugs
Program documentation
guess-kbd: command not found
0.8.10: on x86_64, i586 libraries end up in the initrd.