ALT-BU-2018-3240-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-7435
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function.
- https://bugzilla.redhat.com/show_bug.cgi?id=1547879
- https://groups.google.com/forum/#%21topic/spatialite-users/b-d9iB5TDPE
- [debian-lts-announce] 20180301 [SECURITY] [DLA 1297-1] freexl security update
- GLSA-202007-44
- DSA-4129
Modified: 2024-11-21
CVE-2018-7436
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.
- https://bugzilla.redhat.com/show_bug.cgi?id=1547883
- https://groups.google.com/forum/#%21topic/spatialite-users/b-d9iB5TDPE
- [debian-lts-announce] 20180301 [SECURITY] [DLA 1297-1] freexl security update
- GLSA-202007-44
- DSA-4129
Modified: 2024-11-21
CVE-2018-7437
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function.
- https://bugzilla.redhat.com/show_bug.cgi?id=1547885
- https://groups.google.com/forum/#%21topic/spatialite-users/b-d9iB5TDPE
- [debian-lts-announce] 20180301 [SECURITY] [DLA 1297-1] freexl security update
- GLSA-202007-44
- DSA-4129
Modified: 2024-11-21
CVE-2018-7438
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.
- https://bugzilla.redhat.com/show_bug.cgi?id=1547889
- https://groups.google.com/forum/#%21topic/spatialite-users/b-d9iB5TDPE
- [debian-lts-announce] 20180301 [SECURITY] [DLA 1297-1] freexl security update
- GLSA-202007-44
- DSA-4129
Modified: 2024-11-21
CVE-2018-7439
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.
- https://bugzilla.redhat.com/show_bug.cgi?id=1547892
- https://groups.google.com/forum/#%21topic/spatialite-users/b-d9iB5TDPE
- [debian-lts-announce] 20180301 [SECURITY] [DLA 1297-1] freexl security update
- GLSA-202007-44
- DSA-4129
Package propagator updated to version 20180423-alt1 for branch sisyphus in task 205829.
Closed bugs
race conditions during media detection
dhcp.c: Fix potentially destructive typo in perform_dhcp()
Package doc-gnu-ru updated to version 1.0-alt3 for branch sisyphus in task 205830.
Closed bugs
Typo in Summary
Package tomcat-native updated to version 1.2.16-alt1_2jpp8 for branch sisyphus in task 205878.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-15698
When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.
- 1040390
- RHSA-2018:0465
- RHSA-2018:0466
- [announce] 20180131 [SECURITY] CVE-2017-15698 Apache Tomcat Native Connector - OCSP check omitted
- [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
- [tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
- [tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/
- [tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/
- [debian-lts-announce] 20180211 [SECURITY] [DLA 1276-1] tomcat-native security update
- DSA-4118