ALT-BU-2017-3044-1
Branch p8 update bulletin.
Package libwebkitgtk4 updated to version 2.14.6-alt0.M80P.1 for branch p8 in task 181436.
Closed vulnerabilities
BDU:2017-00817
Vulnerability in the iOS operating system and the Safari browser that allows an attacker to compromise the confidentiality of information
BDU:2017-00821
Vulnerability in the iOS operating system and the Safari browser that allows an attacker to obtain confidential information or bypass the existing access restriction policy
BDU:2017-00835
Vulnerability in the iOS operating system and the Safari browser that allows an attacker to cause a denial of service or execute arbitrary code
BDU:2017-00837
Vulnerability in the iOS operating system and the Safari browser that allows an attacker to cause a denial of service or execute arbitrary code
BDU:2017-00838
Vulnerability in the iOS operating system and the Safari browser that allows an attacker to cause a denial of service or execute arbitrary code
BDU:2017-00843
Vulnerability in the iOS operating system and the Safari browser that allows an attacker to cause a denial of service or execute arbitrary code
BDU:2017-00844
Vulnerability in the iOS operating system and the Safari browser that allows an attacker to cause a denial of service or execute arbitrary code
BDU:2017-00849
Vulnerability in the iOS operating system and the Safari browser that allows an attacker to cause a denial of service or execute arbitrary code
BDU:2017-00862
Vulnerability in the iOS operating system and the Safari browser that allows an attacker to cause a denial of service or execute arbitrary code
BDU:2017-00867
Vulnerability in the iOS operating system and the Safari browser that allows an attacker to cause a denial of service or execute arbitrary code
BDU:2017-00868
Vulnerability in the iOS operating system and the Safari browser that allows an attacker to conduct a UXSS attack
BDU:2017-00872
Vulnerability in the iOS operating system and the Safari browser that allows an attacker to execute arbitrary code
BDU:2017-00873
Vulnerability in the Safari browser and the iOS operating system that allows an attacker to cause a denial of service or execute arbitrary code
BDU:2017-00896
Vulnerability in the Safari browser and the iOS operating system that allows an attacker to cause a denial of service or execute arbitrary code
BDU:2017-00907
Vulnerability in the iOS operating system and the Safari browser that allows an attacker to cause a denial of service or execute arbitrary code
BDU:2017-00909
Vulnerability in the Safari browser that allows an attacker to cause a denial of service or execute arbitrary code
BDU:2017-00930
Vulnerability in the Safari browser and the iOS operating system that allows an attacker to bypass the security policy protection mechanism
Modified: 2024-11-21
CVE-2016-9643
The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis).
- [oss-security] 20161126 CVE Request: resource exhaustion in regex expression handling in WebKit
- [oss-security] 20161126 Re: CVE Request: resource exhaustion in regex expression handling in WebKit
- 94559
- 1038137
- GLSA-201706-15
Modified: 2024-11-21
CVE-2017-2364
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Modified: 2024-11-21
CVE-2017-2367
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Modified: 2024-11-21
CVE-2017-2369
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Modified: 2024-11-21
CVE-2017-2377
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action during a debugger-pause state.
Modified: 2024-11-21
CVE-2017-2392
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
Modified: 2024-11-21
CVE-2017-2394
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Modified: 2024-11-21
CVE-2017-2405
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Modified: 2024-11-21
CVE-2017-2419
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors.
Modified: 2024-11-21
CVE-2017-2442
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Modified: 2024-11-21
CVE-2017-2446
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions.
- 97130
- 1038137
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1032
- https://doar-e.github.io/blog/2018/07/14/cve-2017-2446-or-jscjsglobalobjectishavingabadtime/
- GLSA-201706-15
- https://support.apple.com/HT207600
- https://support.apple.com/HT207601
- https://support.apple.com/HT207617
- 41741
- 41742
Modified: 2024-11-21
CVE-2017-2454
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
- 97130
- 1038137
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1080
- GLSA-201706-15
- https://support.apple.com/HT207600
- https://support.apple.com/HT207601
- https://support.apple.com/HT207617
- 41807
Modified: 2024-11-21
CVE-2017-2459
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
- 97130
- 1038137
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1087
- GLSA-201706-15
- https://support.apple.com/HT207600
- https://support.apple.com/HT207601
- https://support.apple.com/HT207617
- 41810
Modified: 2024-11-21
CVE-2017-2460
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
- 97130
- 1038137
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1090
- GLSA-201706-15
- https://support.apple.com/HT207600
- https://support.apple.com/HT207601
- https://support.apple.com/HT207617
- 41811
Modified: 2024-11-21
CVE-2017-2465
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Modified: 2024-11-21
CVE-2017-2466
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
- 97130
- 1038137
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1097
- GLSA-201706-15
- https://support.apple.com/HT207600
- https://support.apple.com/HT207601
- https://support.apple.com/HT207617
- https://twitter.com/ifsecure/status/849292853792657413
- 41812
Modified: 2024-11-21
CVE-2017-2468
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Modified: 2024-11-21
CVE-2017-2470
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Modified: 2024-11-21
CVE-2017-2471
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.
- 97133
- 1038137
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1105
- GLSA-201706-15
- https://support.apple.com/HT207600
- https://support.apple.com/HT207602
- https://support.apple.com/HT207617
- 41813
Modified: 2024-11-21
CVE-2017-2475
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site.
Modified: 2024-11-21
CVE-2017-2476
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
- 97130
- 1038137
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1114
- GLSA-201706-15
- https://support.apple.com/HT207600
- https://support.apple.com/HT207601
- https://support.apple.com/HT207617
- 41814
Modified: 2024-11-21
CVE-2017-2481
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
- 97130
- 1038137
- http://zerodayinitiative.com/advisories/ZDI-17-191/
- GLSA-201706-15
- https://support.apple.com/HT207600
- https://support.apple.com/HT207601
- https://support.apple.com/HT207617
Closed vulnerabilities
BDU:2021-01421
Vulnerability in the Samba network interoperability software suite, related to concurrent execution using a shared resource with improper synchronization, that allows an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
Modified: 2024-11-21
CVE-2017-2619
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
- 97033
- 1038117
- RHSA-2017:1265
- RHSA-2017:2338
- RHSA-2017:2778
- RHSA-2017:2789
- https://bugzilla.redhat.com/show_bug.cgi?id=1429472
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
- DSA-3816
- 41740
- https://www.samba.org/samba/security/CVE-2017-2619.html
Modified: 2024-11-21
CVE-2017-9461
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
- 99455
- RHSA-2017:1950
- RHSA-2017:2338
- RHSA-2017:2778
- https://bugs.debian.org/864291
- https://bugzilla.samba.org/show_bug.cgi?id=12572
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310
- [debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update
Closed bugs
[PATCH] fix the behaviour of --without docs
Closed vulnerabilities
BDU:2021-01421
Vulnerability in the Samba network interoperability software suite, related to concurrent execution using a shared resource with improper synchronization, that allows an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
Modified: 2024-11-21
CVE-2017-2619
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
- 97033
- 1038117
- RHSA-2017:1265
- RHSA-2017:2338
- RHSA-2017:2778
- RHSA-2017:2789
- https://bugzilla.redhat.com/show_bug.cgi?id=1429472
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
- DSA-3816
- 41740
- https://www.samba.org/samba/security/CVE-2017-2619.html
Closed bugs
[PATCH] fix the behaviour of --without docs