ALT Linux Team

Branch sisyphus update on 2017-04-27

2017-04-27

ALT-BU-2017-3085-1

Branch sisyphus update bulletin.

ALT-PU-2017-1524-1

Package zabbix updated to version 3.2.5-alt2 for branch sisyphus in task 182205.

Closed bugs

Bug #33418

Нестандартный пусть до загружаемых модулей

ALT-PU-2017-1530-1

Package dovecot updated to version 2.2.29.1-alt1 for branch sisyphus in task 182215.

Closed vulnerabilities

Published: 2018-06-21
Modified: 2024-11-21

CVE-2017-2669

Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2017-1531-1

Package freeipa updated to version 4.3.3-alt2 for branch sisyphus in task 182047.

Closed vulnerabilities

Published: 2018-03-13
Modified: 2024-11-21

CVE-2016-9575

Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks.

Severity: MEDIUM (6.3) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
References:

ALT-PU-2017-1532-1

Package 389-ds-base updated to version 1.3.7.0-alt1 for branch sisyphus in task 182232.

Closed vulnerabilities

Published: 2018-03-01

BDU:2020-02901

Уязвимость службы каталогов уровня предприятия 389 Directory Server, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2018-03-02
Modified: 2024-11-21

CVE-2017-15134

A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2018-06-22
Modified: 2024-11-21

CVE-2017-2668

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2018-05-09
Modified: 2024-11-21

CVE-2018-1089

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top