ALT-BU-2017-3323-1
Branch sisyphus update bulletin.
Closed bugs
Обновить audacious
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-8932
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
- openSUSE-SU-2017:1649
- openSUSE-SU-2017:1649
- openSUSE-SU-2017:1650
- openSUSE-SU-2017:1650
- RHSA-2017:1859
- RHSA-2017:1859
- https://bugzilla.redhat.com/show_bug.cgi?id=1455191
- https://bugzilla.redhat.com/show_bug.cgi?id=1455191
- https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c
- https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c
- https://github.com/golang/go/issues/20040
- https://github.com/golang/go/issues/20040
- https://go-review.googlesource.com/c/41070/
- https://go-review.googlesource.com/c/41070/
- [golang-announce] 20170523 [security] Go 1.7.6 and Go 1.8.2 are released
- [golang-announce] 20170523 [security] Go 1.7.6 and Go 1.8.2 are released
- FEDORA-2017-278f46fcd6
- FEDORA-2017-278f46fcd6
Closed vulnerabilities
BDU:2017-01674
Уязвимость функции getNodeSize системы управления базами данных SQLite, позволяющая нарушителю оказать другое воздействие
Modified: 2024-11-21
CVE-2017-10989
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
- openSUSE-SU-2019:1426
- openSUSE-SU-2019:1426
- http://marc.info/?l=sqlite-users&m=149933696214713&w=2
- http://marc.info/?l=sqlite-users&m=149933696214713&w=2
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- 99502
- 99502
- 1039427
- 1039427
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405
- https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937
- https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937
- [debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update
- [debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update
- https://sqlite.org/src/info/66de6f4a
- https://sqlite.org/src/info/66de6f4a
- https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26
- https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26
- https://support.apple.com/HT208112
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://support.apple.com/HT208144
- USN-4019-1
- USN-4019-1
- USN-4019-2
- USN-4019-2