ALT-BU-2018-3155-1
Branch sisyphus update bulletin.
Closed bugs
в спеке не указан Url:
Closed bugs
Обновление до версии 3.7.0
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-7728
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp.
- https://bugs.freedesktop.org/show_bug.cgi?id=105205
- https://cgit.freedesktop.org/exempi/commit/?id=e163667a06a9b656a047b0ec660b871f29a83c9f
- https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCFXKOOATZ2B5G3G7EBXZWVZHEABN4ZV/
- https://usn.ubuntu.com/3668-1/
- https://bugs.freedesktop.org/show_bug.cgi?id=105205
- https://cgit.freedesktop.org/exempi/commit/?id=e163667a06a9b656a047b0ec660b871f29a83c9f
- https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCFXKOOATZ2B5G3G7EBXZWVZHEABN4ZV/
- https://usn.ubuntu.com/3668-1/
Modified: 2024-11-21
CVE-2018-7729
An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp.
- https://bugs.freedesktop.org/show_bug.cgi?id=105206
- https://cgit.freedesktop.org/exempi/commit/?id=baa4b8a02c1ffab9645d13f0bfb1c0d10d311a0c
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCFXKOOATZ2B5G3G7EBXZWVZHEABN4ZV/
- https://usn.ubuntu.com/3668-1/
- https://bugs.freedesktop.org/show_bug.cgi?id=105206
- https://cgit.freedesktop.org/exempi/commit/?id=baa4b8a02c1ffab9645d13f0bfb1c0d10d311a0c
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCFXKOOATZ2B5G3G7EBXZWVZHEABN4ZV/
- https://usn.ubuntu.com/3668-1/
Modified: 2024-11-21
CVE-2018-7730
An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.
- https://access.redhat.com/errata/RHSA-2019:2048
- https://bugs.freedesktop.org/show_bug.cgi?id=105204
- https://cgit.freedesktop.org/exempi/commit/?id=6cbd34025e5fd3ba47b29b602096e456507ce83b
- https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCFXKOOATZ2B5G3G7EBXZWVZHEABN4ZV/
- https://usn.ubuntu.com/3668-1/
- https://access.redhat.com/errata/RHSA-2019:2048
- https://bugs.freedesktop.org/show_bug.cgi?id=105204
- https://cgit.freedesktop.org/exempi/commit/?id=6cbd34025e5fd3ba47b29b602096e456507ce83b
- https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCFXKOOATZ2B5G3G7EBXZWVZHEABN4ZV/
- https://usn.ubuntu.com/3668-1/
Modified: 2024-11-21
CVE-2018-7731
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class.
- https://bugs.freedesktop.org/show_bug.cgi?id=105247
- https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCFXKOOATZ2B5G3G7EBXZWVZHEABN4ZV/
- https://usn.ubuntu.com/3668-1/
- https://bugs.freedesktop.org/show_bug.cgi?id=105247
- https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCFXKOOATZ2B5G3G7EBXZWVZHEABN4ZV/
- https://usn.ubuntu.com/3668-1/
Closed vulnerabilities
Modified: 2025-04-20
CVE-2016-6173
NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.
- http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES
- http://www.openwall.com/lists/oss-security/2016/07/06/3
- http://www.openwall.com/lists/oss-security/2016/07/06/4
- http://www.securityfocus.com/bid/91678
- https://github.com/sischkg/xfer-limit/blob/master/README.md
- https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html
- https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html
- https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790
- http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES
- http://www.openwall.com/lists/oss-security/2016/07/06/3
- http://www.openwall.com/lists/oss-security/2016/07/06/4
- http://www.securityfocus.com/bid/91678
- https://github.com/sischkg/xfer-limit/blob/master/README.md
- https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html
- https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html
- https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-15105
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
- http://www.securityfocus.com/bid/102817
- https://lists.debian.org/debian-lts-announce/2018/01/msg00039.html
- https://lists.debian.org/debian-lts-announce/2019/02/msg00022.html
- https://unbound.net/downloads/CVE-2017-15105.txt
- https://usn.ubuntu.com/3673-1/
- http://www.securityfocus.com/bid/102817
- https://lists.debian.org/debian-lts-announce/2018/01/msg00039.html
- https://lists.debian.org/debian-lts-announce/2019/02/msg00022.html
- https://unbound.net/downloads/CVE-2017-15105.txt
- https://usn.ubuntu.com/3673-1/
Closed bugs
[FR] ручка для отключения java