2017-11-21
ALT-BU-2017-3508-1
Branch p8 update bulletin.
Closed vulnerabilities
Published: 2017-10-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-12166
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- 101153
- 101153
- 1039470
- 1039470
- https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
- https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
- [debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update
- [debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update
Closed vulnerabilities
Published: 2019-09-26
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-18635
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
Severity: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
- RHSA-2020:0754
- RHSA-2020:0754
- https://bugs.launchpad.net/horizon/+bug/1656435
- https://bugs.launchpad.net/horizon/+bug/1656435
- https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534
- https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534
- https://github.com/novnc/noVNC/issues/748
- https://github.com/novnc/noVNC/issues/748
- https://github.com/novnc/noVNC/releases/tag/v0.6.2
- https://github.com/novnc/noVNC/releases/tag/v0.6.2
- https://github.com/ShielderSec/cve-2017-18635
- https://github.com/ShielderSec/cve-2017-18635
- [debian-lts-announce] 20191005 [SECURITY] [DLA 1946-1] novnc security update
- [debian-lts-announce] 20191005 [SECURITY] [DLA 1946-1] novnc security update
- [debian-lts-announce] 20211228 [SECURITY] [DLA 2854-1] novnc security update
- [debian-lts-announce] 20211228 [SECURITY] [DLA 2854-1] novnc security update
- USN-4522-1
- USN-4522-1
- https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/
- https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/
Package docbook-style-xsl updated to version 1.78.1-alt3 for branch p8 in task 194834.
Closed bugs
При сборке man-страницы для smb.conf проявляется ошибка бесконечной рекурсии
Package kernel-image-std-def updated to version 4.9.63-alt0.M80P.1 for branch p8 in task 194888.
Closed vulnerabilities
Published: 2017-08-28
BDU:2017-02266
Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (group key) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети
Severity: HIGH (7.9)
Vector: AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
References:
Published: 2017-10-17
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-13080
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
Severity: MEDIUM (5.3)
Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
- SUSE-SU-2017:2745
- SUSE-SU-2017:2745
- SUSE-SU-2017:2752
- SUSE-SU-2017:2752
- openSUSE-SU-2017:2755
- openSUSE-SU-2017:2755
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- DSA-3999
- DSA-3999
- VU#228519
- VU#228519
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- 101274
- 101274
- 1039572
- 1039572
- 1039573
- 1039573
- 1039576
- 1039576
- 1039577
- 1039577
- 1039578
- 1039578
- 1039581
- 1039581
- 1039585
- 1039585
- 1039703
- 1039703
- USN-3455-1
- USN-3455-1
- RHSA-2017:2907
- RHSA-2017:2907
- RHSA-2017:2911
- RHSA-2017:2911
- https://access.redhat.com/security/vulnerabilities/kracks
- https://access.redhat.com/security/vulnerabilities/kracks
- https://cert.vde.com/en-us/advisories/vde-2017-003
- https://cert.vde.com/en-us/advisories/vde-2017-003
- https://cert.vde.com/en-us/advisories/vde-2017-005
- https://cert.vde.com/en-us/advisories/vde-2017-005
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- [debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update
- [debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
- FreeBSD-SA-17:07
- FreeBSD-SA-17:07
- GLSA-201711-03
- GLSA-201711-03
- https://source.android.com/security/bulletin/2017-11-01
- https://source.android.com/security/bulletin/2017-11-01
- https://support.apple.com/HT208219
- https://support.apple.com/HT208219
- https://support.apple.com/HT208220
- https://support.apple.com/HT208220
- https://support.apple.com/HT208221
- https://support.apple.com/HT208221
- https://support.apple.com/HT208222
- https://support.apple.com/HT208222
- https://support.apple.com/HT208325
- https://support.apple.com/HT208325
- https://support.apple.com/HT208327
- https://support.apple.com/HT208327
- https://support.apple.com/HT208334
- https://support.apple.com/HT208334
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
- https://support.lenovo.com/us/en/product_security/LEN-17420
- https://support.lenovo.com/us/en/product_security/LEN-17420
- 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
- 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
- https://www.krackattacks.com/
- https://www.krackattacks.com/
Package nvidia_glx_common updated to version 384.90-alt183.M80P.1 for branch p8 in task 192668.
Closed bugs
Создаёт неправильные ссылки
Package kernel-image-std-pae updated to version 4.4.99-alt0.M80P.1 for branch p8 in task 194889.
Closed vulnerabilities
Published: 2017-08-28
BDU:2017-02266
Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (group key) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети
Severity: HIGH (7.9)
Vector: AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
References:
Published: 2017-10-17
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-13080
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
Severity: MEDIUM (5.3)
Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
- SUSE-SU-2017:2745
- SUSE-SU-2017:2745
- SUSE-SU-2017:2752
- SUSE-SU-2017:2752
- openSUSE-SU-2017:2755
- openSUSE-SU-2017:2755
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- DSA-3999
- DSA-3999
- VU#228519
- VU#228519
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- 101274
- 101274
- 1039572
- 1039572
- 1039573
- 1039573
- 1039576
- 1039576
- 1039577
- 1039577
- 1039578
- 1039578
- 1039581
- 1039581
- 1039585
- 1039585
- 1039703
- 1039703
- USN-3455-1
- USN-3455-1
- RHSA-2017:2907
- RHSA-2017:2907
- RHSA-2017:2911
- RHSA-2017:2911
- https://access.redhat.com/security/vulnerabilities/kracks
- https://access.redhat.com/security/vulnerabilities/kracks
- https://cert.vde.com/en-us/advisories/vde-2017-003
- https://cert.vde.com/en-us/advisories/vde-2017-003
- https://cert.vde.com/en-us/advisories/vde-2017-005
- https://cert.vde.com/en-us/advisories/vde-2017-005
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- [debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update
- [debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
- FreeBSD-SA-17:07
- FreeBSD-SA-17:07
- GLSA-201711-03
- GLSA-201711-03
- https://source.android.com/security/bulletin/2017-11-01
- https://source.android.com/security/bulletin/2017-11-01
- https://support.apple.com/HT208219
- https://support.apple.com/HT208219
- https://support.apple.com/HT208220
- https://support.apple.com/HT208220
- https://support.apple.com/HT208221
- https://support.apple.com/HT208221
- https://support.apple.com/HT208222
- https://support.apple.com/HT208222
- https://support.apple.com/HT208325
- https://support.apple.com/HT208325
- https://support.apple.com/HT208327
- https://support.apple.com/HT208327
- https://support.apple.com/HT208334
- https://support.apple.com/HT208334
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
- https://support.lenovo.com/us/en/product_security/LEN-17420
- https://support.lenovo.com/us/en/product_security/LEN-17420
- 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
- 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
- https://www.krackattacks.com/
- https://www.krackattacks.com/