ALT Linux Team

Branch p8 update on 2017-06-10

2017-06-10

ALT-BU-2017-3166-1

Branch p8 update bulletin.

ALT-PU-2017-1702-1

Package tor updated to version 0.3.0.8-alt1.M80P.1 for branch p8 in task 183980.

Closed vulnerabilities

Published: 2017-06-09
Modified: 2024-11-21

CVE-2017-0375

The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2017-06-09
Modified: 2024-11-21

CVE-2017-0376

The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2017-1704-1

Package roundcube updated to version 1.2.5-alt0.M80P.1 for branch p8 in task 183981.

Closed vulnerabilities

Published: 2017-04-29
Modified: 2024-11-21

CVE-2017-8114

Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top