Branch sisyphus update bulletin.

Package sudo updated to version 1.8.20p2-alt1.S1 for branch sisyphus in task 183759.

Published: 2017-06-23
Modified: 2021-03-23

BDU:2017-01424

Уязвимость функции get_process_ttyname программы системного администрирования Sudo, позволяющая нарушителю выполнить произвольную команду и получить доступ к информации

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2017-06-05
Modified: 2025-04-20

CVE-2017-1000368

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: HIGH (8.2) Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References:

Package libquicktime111 updated to version 1.2.4-alt4 for branch sisyphus in task 183768.

Published: 2017-01-30
Modified: 2025-04-20

CVE-2016-2399

Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Branch sisyphus update on 2017-06-04

ALT-BU-2017-3156-1

ALT-PU-2017-1686-1

Closed vulnerabilities

BDU:2017-01424

CVE-2017-1000368

ALT-PU-2017-1688-1

Closed vulnerabilities

CVE-2016-2399