ALT-BU-2017-3301-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-1000101
curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap-based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.
Package libgdk-pixbuf updated to version 2.36.8-alt1 for branch sisyphus in task 187079.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-6311
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.
- http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
- [oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf
- [oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf
- 96779
- https://bugzilla.gnome.org/show_bug.cgi?id=778204
- FEDORA-2020-418ce730df
- FEDORA-2020-a718b79006
- GLSA-201709-08
Package strongswan updated to version 5.6.0-alt1 for branch sisyphus in task 187080.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-11185
The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.