ALT Linux Team

Branch p8 update on 2017-12-14

2017-12-14

ALT-BU-2017-3562-1

Branch p8 update bulletin.

ALT-PU-2017-2797-1

Package eepm updated to version 2.4.1-alt0.M80P.1 for branch p8 in task 196468.

Closed bugs

Bug #34318

Не работает с новой версией

ALT-PU-2017-2799-1

Package mariadb updated to version 10.1.29-alt1.M80P.1 for branch p8 in task 196618.

Closed vulnerabilities

Published: 2017-10-19

BDU:2020-00675

Уязвимость компонента Server:Replication системы управления базами данных Oracle MySQL, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным

Severity: MEDIUM (4.1) Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2017-10-19

BDU:2020-00677

Уязвимость компонента Server:Optimizer системы управления базами данных Oracle MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2017-10-19
Modified: 2024-11-21

CVE-2017-10268

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).

Severity: MEDIUM (4.1) Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2017-10-19
Modified: 2024-11-21

CVE-2017-10378

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2017-2800-1

Package wireshark updated to version 2.4.3-alt1.M80P.1 for branch p8 in task 196267.

Closed vulnerabilities

Published: 2017-12-01
Modified: 2024-11-21

CVE-2017-17083

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2017-12-01
Modified: 2024-11-21

CVE-2017-17084

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2017-12-01
Modified: 2024-11-21

CVE-2017-17085

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.1
Back to top