ALT-BU-2017-3325-1
Branch p8 update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-12067
Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c.
Modified: 2024-11-21
CVE-2017-7263
The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698.
Closed vulnerabilities
BDU:2016-01470
Уязвимость библиотеки парсинга Expat, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2016-01683
Уязвимость библиотеки Expat, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2018-00112
Уязвимость функции entityValueInitProcessor библиотеки для анализа XML-файлов libexpat, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2012-6702
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
- DSA-3597
- DSA-3597
- [oss-security] 20160603 Re: expat hash collision fix too predictable?
- [oss-security] 20160603 Re: expat hash collision fix too predictable?
- [oss-security] 20160603 Re: expat hash collision fix too predictable?
- [oss-security] 20160603 Re: expat hash collision fix too predictable?
- 91483
- 91483
- USN-3010-1
- USN-3010-1
- GLSA-201701-21
- GLSA-201701-21
- https://source.android.com/security/bulletin/2016-11-01.html
- https://source.android.com/security/bulletin/2016-11-01.html
- https://www.tenable.com/security/tns-2016-20
- https://www.tenable.com/security/tns-2016-20
Modified: 2024-11-21
CVE-2015-1283
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
- http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html
- http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html
- openSUSE-SU-2015:1287
- openSUSE-SU-2015:1287
- openSUSE-SU-2016:1441
- openSUSE-SU-2016:1441
- SUSE-SU-2016:1508
- SUSE-SU-2016:1508
- SUSE-SU-2016:1512
- SUSE-SU-2016:1512
- openSUSE-SU-2016:1523
- openSUSE-SU-2016:1523
- RHSA-2015:1499
- RHSA-2015:1499
- DSA-3315
- DSA-3315
- DSA-3318
- DSA-3318
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- 75973
- 75973
- 1033031
- 1033031
- USN-2726-1
- USN-2726-1
- https://code.google.com/p/chromium/issues/detail?id=492052
- https://code.google.com/p/chromium/issues/detail?id=492052
- https://codereview.chromium.org/1224303003
- https://codereview.chromium.org/1224303003
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- GLSA-201603-09
- GLSA-201603-09
- GLSA-201701-21
- GLSA-201701-21
- https://source.android.com/security/bulletin/2016-11-01.html
- https://source.android.com/security/bulletin/2016-11-01.html
- https://www.tenable.com/security/tns-2016-20
- https://www.tenable.com/security/tns-2016-20
Modified: 2024-11-21
CVE-2016-0718
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
- APPLE-SA-2016-07-18-1
- APPLE-SA-2016-07-18-1
- openSUSE-SU-2016:1441
- openSUSE-SU-2016:1441
- SUSE-SU-2016:1508
- SUSE-SU-2016:1508
- SUSE-SU-2016:1512
- SUSE-SU-2016:1512
- openSUSE-SU-2016:1523
- openSUSE-SU-2016:1523
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html
- RHSA-2016:2824
- RHSA-2016:2824
- 20170227 CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6
- 20170227 CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6
- http://support.eset.com/ca6333/
- http://support.eset.com/ca6333/
- DSA-3582
- DSA-3582
- http://www.mozilla.org/security/announce/2016/mfsa2016-68.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-68.html
- [oss-security] 20160517 CVE-2016-0718: Expat XML Parser Crashes on Malformed Input
- [oss-security] 20160517 CVE-2016-0718: Expat XML Parser Crashes on Malformed Input
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- 90729
- 90729
- 1036348
- 1036348
- 1036415
- 1036415
- 1037705
- 1037705
- USN-2983-1
- USN-2983-1
- USN-3044-1
- USN-3044-1
- RHSA-2018:2486
- RHSA-2018:2486
- https://bugzilla.mozilla.org/show_bug.cgi?id=1236923
- https://bugzilla.mozilla.org/show_bug.cgi?id=1236923
- https://bugzilla.redhat.com/show_bug.cgi?id=1296102
- https://bugzilla.redhat.com/show_bug.cgi?id=1296102
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- GLSA-201701-21
- GLSA-201701-21
- https://source.android.com/security/bulletin/2016-11-01.html
- https://source.android.com/security/bulletin/2016-11-01.html
- https://support.apple.com/HT206903
- https://support.apple.com/HT206903
- https://www.tenable.com/security/tns-2016-20
- https://www.tenable.com/security/tns-2016-20
Modified: 2024-11-21
CVE-2016-4472
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
- 91528
- 91528
- USN-3013-1
- USN-3013-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1344251
- https://bugzilla.redhat.com/show_bug.cgi?id=1344251
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- GLSA-201701-21
- GLSA-201701-21
- https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde
- https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde
- https://www.tenable.com/security/tns-2016-20
- https://www.tenable.com/security/tns-2016-20
Modified: 2024-11-21
CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
- DSA-3597
- DSA-3597
- [oss-security] 20160604 Re: expat hash collision fix too predictable?
- [oss-security] 20160604 Re: expat hash collision fix too predictable?
- [oss-security] 20160604 Re: expat hash collision fix too predictable?
- [oss-security] 20160604 Re: expat hash collision fix too predictable?
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- 91159
- 91159
- USN-3010-1
- USN-3010-1
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- GLSA-201701-21
- GLSA-201701-21
- https://source.android.com/security/bulletin/2016-11-01.html
- https://source.android.com/security/bulletin/2016-11-01.html
- https://www.tenable.com/security/tns-2016-20
- https://www.tenable.com/security/tns-2016-20
Modified: 2024-11-21
CVE-2017-9233
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
- DSA-3898
- DSA-3898
- [oss-security] 20170618 Expat 2.2.1 security fixes
- [oss-security] 20170618 Expat 2.2.1 security fixes
- 99276
- 99276
- 1039427
- 1039427
- https://github.com/libexpat/libexpat/blob/master/expat/Changes
- https://github.com/libexpat/libexpat/blob/master/expat/Changes
- https://libexpat.github.io/doc/cve-2017-9233/
- https://libexpat.github.io/doc/cve-2017-9233/
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- https://support.apple.com/HT208112
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://support.apple.com/HT208144
- https://support.f5.com/csp/article/K03244804
- https://support.f5.com/csp/article/K03244804
Package pam_pkcs11 updated to version 0.6.9-alt14 for branch p8 in task 186892.
Closed bugs
Пропуск первого по счёту события card_insert
Closed bugs
Требуется документация
Cброс прав на файл при ini_config_set
shell-ini-config добавляет пустую строку в конец файла
Closed bugs
systemd-sysv-install ROOT overquoting