ALT-BU-2018-3114-1
Branch sisyphus update bulletin.
Package libspice-gtk updated to version 0.34-alt1 for branch sisyphus in task 201400.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-3066
The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.
Closed vulnerabilities
BDU:2019-01781
Vulnerability in the BGP protocol implementation of the Quagga software, related to a double free of memory, allowing an attacker to cause a denial of service or execute arbitrary code
BDU:2019-03925
Vulnerability in the bgpd daemon of the Quagga software suite, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2018-5378
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
- http://savannah.nongnu.org/forum/forum.php?forum_id=9095
- VU#940439
- https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-0543.txt
- GLSA-201804-17
- USN-3573-1
- DSA-4115
Modified: 2024-11-21
CVE-2018-5379
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
- http://savannah.nongnu.org/forum/forum.php?forum_id=9095
- VU#940439
- 103105
- RHSA-2018:0377
- https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf
- https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt
- [debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update
- GLSA-201804-17
- USN-3573-1
- DSA-4115
Modified: 2024-11-21
CVE-2018-5380
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
- http://savannah.nongnu.org/forum/forum.php?forum_id=9095
- VU#940439
- https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf
- https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txt
- [debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update
- GLSA-201804-17
- USN-3573-1
- DSA-4115
Modified: 2024-11-21
CVE-2018-5381
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
- http://savannah.nongnu.org/forum/forum.php?forum_id=9095
- VU#940439
- https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf
- https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt
- [debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update
- GLSA-201804-17
- USN-3573-1
- DSA-4115
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-9814
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
- openSUSE-SU-2020:1003
- https://bugs.freedesktop.org/show_bug.cgi?id=101547
- [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
- GLSA-201904-01
Closed bugs
libcairo: new version
Package alterator-auth-token updated to version 0.1.2-alt1 for branch sisyphus in task 201449.
Closed bugs
alterator-auth-token makes it impossible for the user to log in to the system
Closed bugs
xdg-open uses pcmanfm for the lxqt session
Package kernel-image-un-def updated to version 4.14.24-alt1 for branch sisyphus in task 201431.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-1000028
Linux kernel versions after commit bdcf0a423ea1 (4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+) contain an Incorrect Access Control vulnerability in the NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appears to be exploitable when the NFS server exports a filesystem with the "rootsquash" option enabled. This vulnerability appears to have been fixed after commit 1995266727fa.
Package lxqt-panel updated to version 0.12.0-alt4 for branch sisyphus in task 201465.
Closed bugs
pulseaudio support