Branch sisyphus update bulletin.

Package falkon updated to version 3.0.0-alt2 for branch sisyphus in task 202746.

в спеке не указан Url:

Package sylpheed updated to version 3.7.0-alt0.1 for branch sisyphus in task 202768.

Обновление до версии 3.7.0

Package libexempi updated to version 2.4.5-alt1 for branch sisyphus in task 202788.

Published: 2018-03-06
Modified: 2024-11-21

CVE-2018-7728

An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2018-03-06
Modified: 2024-11-21

CVE-2018-7729

An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2018-03-06
Modified: 2024-11-21

CVE-2018-7730

An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2018-03-06
Modified: 2024-11-21

CVE-2018-7731

An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Package nsd updated to version 4.1.20-alt1 for branch sisyphus in task 202795.

Published: 2017-02-09
Modified: 2024-11-21

CVE-2016-6173

NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package unbound updated to version 1.7.0-alt1 for branch sisyphus in task 202823.

Published: 2018-01-23
Modified: 2024-11-21

CVE-2017-15105

A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

[FR] ручка для отключения java

Version: 2.1.0

Branch sisyphus update on 2018-03-24

ALT-BU-2018-3155-1

ALT-PU-2018-1467-1

Closed bugs

Bug #34686

ALT-PU-2018-1468-1

Closed bugs

Bug #34601

ALT-PU-2018-1470-1

Closed vulnerabilities

CVE-2018-7728

CVE-2018-7729

CVE-2018-7730

CVE-2018-7731

ALT-PU-2018-1471-1

Closed vulnerabilities

CVE-2016-6173

ALT-PU-2018-1477-1

Closed vulnerabilities

CVE-2017-15105

Closed bugs

Bug #34122