ALT-BU-2018-3014-2
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2022-04942
Vulnerability in the print_iso9660_recurse function (iso-info.c) of the libcdio library that allows an attacker to cause a denial of service or have other impact
BDU:2022-04943
Vulnerability in the realloc_symlink function (rock.c) of the libcdio library that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2017-18198
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
- http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz
- http://www.securityfocus.com/bid/103200
- https://access.redhat.com/errata/RHSA-2018:3246
- https://savannah.gnu.org/bugs/?52265
Modified: 2024-11-21
CVE-2017-18199
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
- http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz
- http://www.securityfocus.com/bid/103202
- https://access.redhat.com/errata/RHSA-2018:3246
- https://savannah.gnu.org/bugs/?52264
Modified: 2024-11-21
CVE-2017-18201
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.
- http://www.securityfocus.com/bid/103190
- https://access.redhat.com/errata/RHSA-2018:3246
- https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-15117
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the server's memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the available memory of the server is more than 4 GB.
- https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39
- https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VFDEQED64YLWQK2TF73EMXZDYX7YT2DD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAQYCMBWNVCIEM27NPIKK3DGJCNBYLAK/
