ALT Linux Team

Branch sisyphus update on 2017-07-12

2017-07-12

ALT-BU-2017-3230-1

Branch sisyphus update bulletin.

ALT-PU-2017-1846-1

Package nginx updated to version 1.12.1-alt1.S1 for branch sisyphus in task 185277.

Closed vulnerabilities

Published: 2017-07-13
Modified: 2024-11-21

CVE-2017-7529

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2017-1847-1

Package libva-driver-intel updated to version 1.8.3-alt2.S1 for branch sisyphus in task 185275.

Closed bugs

Bug #33639

wrong package summary

ALT-PU-2017-1849-1

Package ocaml updated to version 4.04.2-alt1.S1 for branch sisyphus in task 185009.

Closed vulnerabilities

Published: 2017-06-23
Modified: 2024-11-21

CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2017-09-07
Modified: 2024-11-21

CVE-2017-9779

OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact."

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top