ALT-BU-2018-3004-1
Branch sisyphus update bulletin.
Package libtomcrypt updated to version 1.18.0-alt1 for branch sisyphus in task 198017.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-6129
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.
- https://bugzilla.redhat.com/show_bug.cgi?id=1370955
- https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0
- https://www.op-tee.org/advisories/
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-7945
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.
- [oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries
- [oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries
- 93364
- 1036945
- https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
- FEDORA-2016-8b122b0997
- FEDORA-2016-cabb6d7ef7
- [xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries
- GLSA-201704-03
Modified: 2024-11-21
CVE-2016-7946
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.
- [oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries
- 93374
- 1036945
- https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
- FEDORA-2016-8b122b0997
- FEDORA-2016-cabb6d7ef7
- [xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries
- GLSA-201704-03
Closed bugs
[XCB] unexpected deadlocks with XIAllowTouchEvents
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-1000501
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.
- http://www.awstats.org/
- https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
- https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
- [debian-lts-announce] 20180110 [SECURITY] [DLA 1238-1] awstats security update
- GLSA-202007-37
- DSA-4092
Modified: 2024-11-21
CVE-2018-10245
A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.
Package make-initrd updated to version 2.0.7-alt1 for branch sisyphus in task 198050.
Closed bugs
Missing R: cpio