ALT-BU-2018-3302-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2019-00237
Уязвимость процесса mainproc.c программы шифрования информации и создания электронных цифровых подписей GNU Privacy Guard, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
Modified: 2024-11-21
CVE-2018-12020
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
- http://openwall.com/lists/oss-security/2018/06/08/2
- http://openwall.com/lists/oss-security/2018/06/08/2
- http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html
- http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html
- 20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients
- 20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients
- [oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)
- [oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)
- 104450
- 104450
- 1041051
- 1041051
- RHSA-2018:2180
- RHSA-2018:2180
- RHSA-2018:2181
- RHSA-2018:2181
- https://dev.gnupg.org/T4012
- https://dev.gnupg.org/T4012
- https://github.com/RUB-NDS/Johnny-You-Are-Fired
- https://github.com/RUB-NDS/Johnny-You-Are-Fired
- https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
- https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- [debian-lts-announce] 20211228 [SECURITY] [DLA 2862-1] python-gnupg security update
- [debian-lts-announce] 20211228 [SECURITY] [DLA 2862-1] python-gnupg security update
- https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
- https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
- USN-3675-1
- USN-3675-1
- USN-3675-2
- USN-3675-2
- USN-3675-3
- USN-3675-3
- USN-3964-1
- USN-3964-1
- DSA-4222
- DSA-4222
- DSA-4223
- DSA-4223
- DSA-4224
- DSA-4224
Closed bugs
Невозможность скачивания metadata при автоустановке с диска
Package matrix-synapse updated to version 0.29.1-alt1 for branch sisyphus in task 208138.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-10657
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.
- https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb
- https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb
- https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/
- https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-1000229
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
Modified: 2024-11-21
CVE-2017-16938
A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file.