ALT Linux Team

Branch sisyphus update on 2017-06-20

2017-06-20

ALT-BU-2017-3186-1

Branch sisyphus update bulletin.

ALT-PU-2017-1755-1

Package kernel-image-std-def updated to version 4.9.33-alt3 for branch sisyphus in task 184487.

Closed vulnerabilities

Published: 2017-06-18

BDU:2017-01479

Уязвимость в реализации механизма Stack Guard-Page ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.4) Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2017-06-19
Modified: 2024-11-21

CVE-2017-1000364

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

Severity: HIGH (7.4) Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2017-1756-1

Package libetpan updated to version 1.8-alt1 for branch sisyphus in task 184498.

Closed vulnerabilities

Published: 2017-05-08
Modified: 2024-11-21

CVE-2017-8825

A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top