ALT-BU-2017-3582-1
Branch sisyphus update bulletin.
Closed bugs
Упакован /var/lib/run/kup вместо /var/run
Package kde5-ksirk updated to version 17.12.0-alt2.S1 for branch sisyphus in task 197383.
Closed bugs
Конфликт библиотек
Package adobe-flash-player-ppapi updated to version 28-alt1.S1 for branch sisyphus in task 197394.
Closed vulnerabilities
BDU:2018-00200
Уязвимость программной платформы Flash Player, связанная с чтением данных за границами буфера в памяти, позволяющая нарушителю выпонить произвольный код
BDU:2018-00201
Уязвимость программной платформы Flash Player, связанная с чтением данных за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код
BDU:2018-00212
Уязвимость компонента Primetime SDK программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код
BDU:2018-00213
Уязвимость компонента Primetime SDK программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код
BDU:2018-00214
Уязвимость программной платформы Flash Player, вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2017-11213
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Modified: 2024-11-21
CVE-2017-11215
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Modified: 2024-11-21
CVE-2017-11225
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Modified: 2024-11-21
CVE-2017-11305
A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.
Modified: 2024-11-21
CVE-2017-3112
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Modified: 2024-11-21
CVE-2017-3114
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Closed bugs
update required (known vulnerabilities, blocked in chromium)
Package thunderbird updated to version 52.5.2-alt1 for branch sisyphus in task 197444.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-7829
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.
- 102258
- 102258
- 1040123
- 1040123
- RHSA-2018:0061
- RHSA-2018:0061
- https://bugzilla.mozilla.org/show_bug.cgi?id=1423432
- https://bugzilla.mozilla.org/show_bug.cgi?id=1423432
- [debian-lts-announce] 20171227 [SECURITY] [DLA 1223-1] thunderbird security update
- [debian-lts-announce] 20171227 [SECURITY] [DLA 1223-1] thunderbird security update
- USN-3529-1
- USN-3529-1
- DSA-4075
- DSA-4075
- https://www.mozilla.org/security/advisories/mfsa2017-30/
- https://www.mozilla.org/security/advisories/mfsa2017-30/
Modified: 2024-11-21
CVE-2017-7846
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2.
- 102258
- 102258
- 1040123
- 1040123
- RHSA-2018:0061
- RHSA-2018:0061
- https://bugzilla.mozilla.org/show_bug.cgi?id=1411716
- https://bugzilla.mozilla.org/show_bug.cgi?id=1411716
- [debian-lts-announce] 20171227 [SECURITY] [DLA 1223-1] thunderbird security update
- [debian-lts-announce] 20171227 [SECURITY] [DLA 1223-1] thunderbird security update
- DSA-4075
- DSA-4075
- https://www.mozilla.org/security/advisories/mfsa2017-30/
- https://www.mozilla.org/security/advisories/mfsa2017-30/
Modified: 2024-11-21
CVE-2017-7847
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.
- 102258
- 102258
- 1040123
- 1040123
- RHSA-2018:0061
- RHSA-2018:0061
- https://bugzilla.mozilla.org/show_bug.cgi?id=1411708
- https://bugzilla.mozilla.org/show_bug.cgi?id=1411708
- [debian-lts-announce] 20171227 [SECURITY] [DLA 1223-1] thunderbird security update
- [debian-lts-announce] 20171227 [SECURITY] [DLA 1223-1] thunderbird security update
- DSA-4075
- DSA-4075
- https://www.mozilla.org/security/advisories/mfsa2017-30/
- https://www.mozilla.org/security/advisories/mfsa2017-30/
Modified: 2024-11-21
CVE-2017-7848
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.
- 102258
- 102258
- 1040123
- 1040123
- RHSA-2018:0061
- RHSA-2018:0061
- https://bugzilla.mozilla.org/show_bug.cgi?id=1411699
- https://bugzilla.mozilla.org/show_bug.cgi?id=1411699
- [debian-lts-announce] 20171227 [SECURITY] [DLA 1223-1] thunderbird security update
- [debian-lts-announce] 20171227 [SECURITY] [DLA 1223-1] thunderbird security update
- DSA-4075
- DSA-4075
- https://www.mozilla.org/security/advisories/mfsa2017-30/
- https://www.mozilla.org/security/advisories/mfsa2017-30/
Closed bugs
включить описание хэш функции ГОСТ Р 34.11-2012 (Стрибог)
Package perl-Math-MPFR updated to version 3.36-alt2 for branch sisyphus in task 197488.
Closed bugs
[FR] снимать BR: perl(Math/Decimal64.pm) на e2k