ALT-BU-2018-3237-1
Branch sisyphus update bulletin.
Package adobe-flash-player-ppapi updated to version 29-alt1.S1 for branch sisyphus in task 205651.
Closed vulnerabilities
Modified: 2021-03-23
BDU:2018-00894
Use-after-free vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
Modified: 2024-11-21
CVE-2018-4919
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
- http://www.securityfocus.com/bid/103385
- http://www.securitytracker.com/id/1040509
- https://access.redhat.com/errata/RHSA-2018:0520
- https://helpx.adobe.com/security/products/flash-player/apsb18-05.html
Modified: 2024-11-21
CVE-2018-4920
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
- http://www.securityfocus.com/bid/103383
- http://www.securitytracker.com/id/1040509
- https://access.redhat.com/errata/RHSA-2018:0520
- https://helpx.adobe.com/security/products/flash-player/apsb18-05.html
Modified: 2024-11-21
CVE-2018-4932
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
- http://www.securityfocus.com/bid/103708
- http://www.securitytracker.com/id/1040648
- https://access.redhat.com/errata/RHSA-2018:1119
- https://helpx.adobe.com/security/products/flash-player/apsb18-08.html
- https://security.gentoo.org/glsa/201804-11
Modified: 2024-11-21
CVE-2018-4933
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
- http://www.securityfocus.com/bid/103708
- http://www.securitytracker.com/id/1040648
- https://access.redhat.com/errata/RHSA-2018:1119
- https://helpx.adobe.com/security/products/flash-player/apsb18-08.html
- https://security.gentoo.org/glsa/201804-11
Modified: 2024-11-21
CVE-2018-4934
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
- http://www.securityfocus.com/bid/103708
- http://www.securitytracker.com/id/1040648
- https://access.redhat.com/errata/RHSA-2018:1119
- https://helpx.adobe.com/security/products/flash-player/apsb18-08.html
- https://security.gentoo.org/glsa/201804-11
- https://www.exploit-db.com/exploits/44528/
Modified: 2024-11-21
CVE-2018-4935
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
- http://www.securityfocus.com/bid/103708
- http://www.securitytracker.com/id/1040648
- https://access.redhat.com/errata/RHSA-2018:1119
- https://helpx.adobe.com/security/products/flash-player/apsb18-08.html
- https://security.gentoo.org/glsa/201804-11
- https://www.exploit-db.com/exploits/44527/
Modified: 2024-11-21
CVE-2018-4936
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.
- http://www.securityfocus.com/bid/103708
- http://www.securitytracker.com/id/1040648
- https://access.redhat.com/errata/RHSA-2018:1119
- https://helpx.adobe.com/security/products/flash-player/apsb18-08.html
- https://security.gentoo.org/glsa/201804-11
- https://www.exploit-db.com/exploits/44526/
Modified: 2024-11-21
CVE-2018-4937
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
- http://www.securityfocus.com/bid/103708
- http://www.securitytracker.com/id/1040648
- https://access.redhat.com/errata/RHSA-2018:1119
- https://helpx.adobe.com/security/products/flash-player/apsb18-08.html
- https://security.gentoo.org/glsa/201804-11
- https://www.exploit-db.com/exploits/44529/
Closed bugs
chromium complains about outdated flash
Closed bugs
Error in spec (Requires)
Closed vulnerabilities
Modified: 2021-03-23
BDU:2018-01512
Vulnerability in the wget command-line file download utility, related to insufficient validation of input data, that allows an attacker to affect data integrity
Modified: 2024-11-21
CVE-2018-0494
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
- http://www.securityfocus.com/bid/104129
- http://www.securitytracker.com/id/1040838
- https://access.redhat.com/errata/RHSA-2018:3052
- https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd
- https://lists.debian.org/debian-lts-announce/2018/05/msg00006.html
- https://lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.html
- https://savannah.gnu.org/bugs/?53763
- https://security.gentoo.org/glsa/201806-01
- https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt
- https://usn.ubuntu.com/3643-1/
- https://usn.ubuntu.com/3643-2/
- https://www.debian.org/security/2018/dsa-4195
- https://www.exploit-db.com/exploits/44601/
Closed vulnerabilities
Modified: 2021-03-23
BDU:2018-01503
Vulnerability in the pack function of the Perl interpreter that allows an attacker to cause a denial of service, gain access to confidential data, or compromise its integrity
Modified: 2024-11-21
CVE-2018-6913
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
- http://www.securityfocus.com/bid/103953
- http://www.securitytracker.com/id/1040681
- https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html
- https://rt.perl.org/Public/Bug/Display.html?id=131844
- https://security.gentoo.org/glsa/201909-01
- https://usn.ubuntu.com/3625-1/
- https://usn.ubuntu.com/3625-2/
- https://www.debian.org/security/2018/dsa-4172
- https://www.oracle.com/security-alerts/cpujul2020.html
Package advancecomp updated to version 2.1-alt1_4 for branch sisyphus in task 205683.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-1056
An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1056
- https://lists.debian.org/debian-lts-announce/2018/02/msg00016.html
- https://lists.debian.org/debian-lts-announce/2019/03/msg00004.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html
- https://sourceforge.net/p/advancemame/bugs/259/
- https://usn.ubuntu.com/3570-1/
Modified: 2024-11-21
CVE-2019-8379
An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
- https://access.redhat.com/errata/RHSA-2019:2332
- https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J23C6QSTJMQ467KAI6QG54AE4MZRLPQV/
- https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-the-function-be_uint32_read-advancecomp/
- https://sourceforge.net/p/advancemame/bugs/271/