ALT-BU-2017-3343-1
Branch c7 update bulletin.
Package LibreOffice4 updated to version 4.2-alt2.M70C.5 for branch c7 in task 188064.
Closed vulnerabilities
BDU:2017-01549
Vulnerability in the tools::Polygon::Insert function of the LibreOffice office suite that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2017-7870
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.
- DSA-3837
- http://www.libreoffice.org/about-us/security/advisories/cve-2017-7870/
- 97671
- 1039029
- RHSA-2017:1975
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372
- https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722
- GLSA-201706-28
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-6908
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
- APPLE-SA-2015-12-08-3
- SUSE-SU-2016:0224
- openSUSE-SU-2016:0226
- openSUSE-SU-2016:0255
- openSUSE-SU-2016:0261
- SUSE-SU-2016:0262
- RHSA-2015:1840
- DSA-3356
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf
- 76714
- 1033534
- USN-2742-1
- https://support.apple.com/HT205637
Modified: 2024-11-21
CVE-2017-9287
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
- DSA-3868
- http://www.openldap.org/its/?findid=8655
- 98736
- 1038591
- RHSA-2017:1852
- https://bugs.debian.org/863563
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://www.oracle.com/security-alerts/cpuapr2022.html
Package postgresql9.5 updated to version 9.5.9-alt0.M70C.1 for branch c7 in task 188063.
Closed vulnerabilities
BDU:2017-02037
Vulnerability in the PostgreSQL database management system, caused by flaws in the authorization procedure, that allows an attacker to obtain a password
Modified: 2024-11-21
CVE-2017-7547
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.