2017-11-24
ALT-BU-2017-3518-2
Branch sisyphus update bulletin.
Package fluidsynth updated to version 1.1.8-alt1.1 for branch sisyphus in task 195266.
Closed bugs
Молчит
Closed vulnerabilities
Published: 2017-06-16
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2015-3254
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.
Severity: MEDIUM (4.0)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
- http://grokbase.com/t/thrift/user/15c2tss3td/notice-apache-thrift-security-vulnerability-cve-2015-1774
- http://www.securityfocus.com/bid/99112
- https://access.redhat.com/errata/RHSA-2017:2477
- https://access.redhat.com/errata/RHSA-2017:3115
- https://issues.apache.org/jira/browse/THRIFT-3231
- https://mail-archives.apache.org/mod_mbox/thrift-user/201512.mbox/%3CCANyrgvcjvEcjTVmaL+tVXCBm4o5G+1neu=MUubD9GbU85bO_Ew%40mail.gmail.com%3E
- http://grokbase.com/t/thrift/user/15c2tss3td/notice-apache-thrift-security-vulnerability-cve-2015-1774
- http://www.securityfocus.com/bid/99112
- https://access.redhat.com/errata/RHSA-2017:2477
- https://access.redhat.com/errata/RHSA-2017:3115
- https://issues.apache.org/jira/browse/THRIFT-3231
- https://mail-archives.apache.org/mod_mbox/thrift-user/201512.mbox/%3CCANyrgvcjvEcjTVmaL+tVXCBm4o5G+1neu=MUubD9GbU85bO_Ew%40mail.gmail.com%3E
Published: 2018-02-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-5397
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
Severity: CRITICAL (9.0)Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Severity: HIGH (8.8)Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://mail-archives.apache.org/mod_mbox/thrift-user/201701.mbox/raw/%3CCANyrgvc3W%3DMJ9S-hMZecPNzxkyfgNmuSgVfW2hdDSz5ke%2BOPhQ%40mail.gmail.com%3E
- http://www.securityfocus.com/bid/103025
- https://access.redhat.com/errata/RHSA-2018:2669
- https://access.redhat.com/errata/RHSA-2019:3140
- https://issues.apache.org/jira/browse/THRIFT-3893
- https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E
- http://mail-archives.apache.org/mod_mbox/thrift-user/201701.mbox/raw/%3CCANyrgvc3W%3DMJ9S-hMZecPNzxkyfgNmuSgVfW2hdDSz5ke%2BOPhQ%40mail.gmail.com%3E
- http://www.securityfocus.com/bid/103025
- https://access.redhat.com/errata/RHSA-2018:2669
- https://access.redhat.com/errata/RHSA-2019:3140
- https://issues.apache.org/jira/browse/THRIFT-3893
- https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E
Published: 2022-05-13
Modified: 2023-07-31
Modified: 2023-07-31
GHSA-r4m4-pmvw-m6j5
Apache Thrift Go Library Command Injection
Severity: HIGH (8.8)Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- https://nvd.nist.gov/vuln/detail/CVE-2016-5397
- https://access.redhat.com/errata/RHSA-2018:2669
- https://access.redhat.com/errata/RHSA-2019:3140
- https://issues.apache.org/jira/browse/THRIFT-3893
- https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E
- https://web.archive.org/web/20210124141102/http://www.securityfocus.com/bid/103025
- http://mail-archives.apache.org/mod_mbox/thrift-user/201701.mbox/raw/%3CCANyrgvc3W%3DMJ9S-hMZecPNzxkyfgNmuSgVfW2hdDSz5ke%2BOPhQ%40mail.gmail.com%3E