ALT-BU-2017-3015-1
Branch p8 update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-8685
The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image.
- [oss-security] 20161008 potrace: invalid memory access in findnext (decompose.c)
- [oss-security] 20161008 potrace: invalid memory access in findnext (decompose.c)
- [oss-security] 20161015 Re: potrace: invalid memory access in findnext (decompose.c)
- [oss-security] 20161015 Re: potrace: invalid memory access in findnext (decompose.c)
- 93470
- 93470
- https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/
- https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/
Modified: 2024-11-21
CVE-2016-8686
The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
Closed vulnerabilities
BDU:2015-10226
Уязвимость интерпретатора PHP, позволяющая удалённому нарушителю вызвать отказ в обслуживании или оказать иное воздействие на систему
Modified: 2024-11-21
CVE-2014-9653
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
- http://bugs.gw.com/view.php?id=409
- http://bugs.gw.com/view.php?id=409
- HPSBMU03380
- HPSBMU03380
- HPSBMU03409
- HPSBMU03409
- [file] 20141216 [PATCH] readelf.c: better checks for values returned by pread
- [file] 20141216 [PATCH] readelf.c: better checks for values returned by pread
- [oss-security] 20150205 Re: CVE Request: PHP/file: out-of-bounds memory access in softmagic
- [oss-security] 20150205 Re: CVE Request: PHP/file: out-of-bounds memory access in softmagic
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-5.php
- RHSA-2016:0760
- RHSA-2016:0760
- DSA-3196
- DSA-3196
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 72516
- 72516
- https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
- https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
- GLSA-201701-42
- GLSA-201701-42
- USN-3686-1
- USN-3686-1
Closed bugs
Add gzip-rsyncable patch
Closed vulnerabilities
BDU:2018-00462
Уязвимость функции png_set_text_2 библиотеки libpng, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2016-10087
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
- [oss-security] 20161229 libpng NULL pointer dereference bugfix
- [oss-security] 20161229 libpng NULL pointer dereference bugfix
- [oss-security] 20161230 Re: libpng NULL pointer dereference bugfix
- [oss-security] 20161230 Re: libpng NULL pointer dereference bugfix
- 95157
- 95157
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- GLSA-201701-74
- GLSA-201701-74
- USN-3712-1
- USN-3712-1
- USN-3712-2
- USN-3712-2
Closed vulnerabilities
BDU:2019-03749
Уязвимость функции safer_name_suffix архиватора GNU Tar, позволяющая нарушителю обойти предполагаемый механизм защиты и произвести запись в произвольные файлы
Modified: 2024-11-21
CVE-2016-6321
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
- http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
- http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
- [bug-tar] 20161029 Re: [Bug-tar] possible fixes for CVE-2016-6321
- [bug-tar] 20161029 Re: [Bug-tar] possible fixes for CVE-2016-6321
- http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
- http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
- 20161030 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update
- 20161030 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update
- 20161026 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)
- 20161026 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)
- DSA-3702
- DSA-3702
- 93937
- 93937
- USN-3132-1
- USN-3132-1
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- GLSA-201611-19
- GLSA-201611-19
- https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
- https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-10254
The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.
- [oss-security] 20170322 Re: elfutils: memory allocation failure in allocate_elf (common.h)
- [oss-security] 20170322 Re: elfutils: memory allocation failure in allocate_elf (common.h)
- https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/
- https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/
- [elfutils-devel] 20161024 [PATCH] libelf: Always set ELF maxsize when reading an ELF file for sanity checks.
- [elfutils-devel] 20161024 [PATCH] libelf: Always set ELF maxsize when reading an ELF file for sanity checks.
- GLSA-201710-10
- GLSA-201710-10
- USN-3670-1
- USN-3670-1
Modified: 2024-11-21
CVE-2016-10255
The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.
- [oss-security] 20170322 Re: elfutils: memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)
- [oss-security] 20170322 Re: elfutils: memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)
- https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/
- https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/
- https://bugzilla.redhat.com/show_bug.cgi?id=1387584
- https://bugzilla.redhat.com/show_bug.cgi?id=1387584
- [elfutils-devel] 20161021 [PATCH] libelf: Sanity check offset and size before trying to malloc and read data.
- [elfutils-devel] 20161021 [PATCH] libelf: Sanity check offset and size before trying to malloc and read data.
- GLSA-201710-10
- GLSA-201710-10
- USN-3670-1
- USN-3670-1
Closed vulnerabilities
BDU:2019-01635
Уязвимость генератора псевдослучайных чисел библиотеки криптографии Libgcrypt, связанная с раскрытием информации, позволяющая нарушителю прогнозировать выходные данные
Modified: 2024-11-21
CVE-2016-6313
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
- RHSA-2016:2674
- RHSA-2016:2674
- DSA-3649
- DSA-3649
- DSA-3650
- DSA-3650
- 92527
- 92527
- 1036635
- 1036635
- USN-3064-1
- USN-3064-1
- USN-3065-1
- USN-3065-1
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
- [gnupg-announce] 20160817 [Announce] Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316]
- [gnupg-announce] 20160817 [Announce] Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316]
- GLSA-201610-04
- GLSA-201610-04
- GLSA-201612-01
- GLSA-201612-01
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-1419
Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
Package installer-scripts-remount-stage2 updated to version 0.5.13-alt1 for branch p8 in task 180979.
Closed bugs
Если при установке есть LVM, установка не проходит