ALT-BU-2017-3306-1
Branch p8 update bulletin.
Closed vulnerabilities
Modified: 2025-04-20
CVE-2017-12791
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
- http://www.securityfocus.com/bid/100384
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872399
- https://bugzilla.redhat.com/show_bug.cgi?id=1482006
- https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
- https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html
- https://github.com/saltstack/salt/pull/42944
- http://www.securityfocus.com/bid/100384
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872399
- https://bugzilla.redhat.com/show_bug.cgi?id=1482006
- https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
- https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html
- https://github.com/saltstack/salt/pull/42944
Closed bugs
Недостающие библиотеки в %_libdir/chromium/swiftshader
Package adobe-flash-player-ppapi updated to version 26-alt2.M80P.1 for branch p8 in task 187190.
Closed vulnerabilities
Modified: 2025-04-20
CVE-2017-3085
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.
- http://www.securityfocus.com/bid/100191
- http://www.securitytracker.com/id/1039088
- http://www.zerodayinitiative.com/advisories/ZDI-17-634/
- https://access.redhat.com/errata/RHSA-2017:2457
- https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/
- https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
- https://security.gentoo.org/glsa/201709-16
- http://www.securityfocus.com/bid/100191
- http://www.securitytracker.com/id/1039088
- http://www.zerodayinitiative.com/advisories/ZDI-17-634/
- https://access.redhat.com/errata/RHSA-2017:2457
- https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/
- https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
- https://security.gentoo.org/glsa/201709-16
Modified: 2025-04-20
CVE-2017-3106
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.
- http://www.securityfocus.com/bid/100190
- http://www.securitytracker.com/id/1039088
- https://access.redhat.com/errata/RHSA-2017:2457
- https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
- https://security.gentoo.org/glsa/201709-16
- https://www.exploit-db.com/exploits/42480/
- http://www.securityfocus.com/bid/100190
- http://www.securitytracker.com/id/1039088
- https://access.redhat.com/errata/RHSA-2017:2457
- https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
- https://security.gentoo.org/glsa/201709-16
- https://www.exploit-db.com/exploits/42480/
Package kf5-plasma-workspace updated to version 5.10.4-alt6.M80P.1 for branch p8 in task 187215.
Closed bugs
kde5/plasma: неправильно формируется контекстное меню в системном трее