ALT-BU-2018-3311-1
Branch sisyphus update bulletin.
Package devscripts updated to version 2.18.3-alt1_1 for branch sisyphus in task 208523.
Closed vulnerabilities
BDU:2015-02662
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity and availability of protected information
BDU:2017-02344
Vulnerability in the devscripts script package (scripts/licensecheck.pl) for the Fedora operating system that allows an attacker to execute arbitrary shell commands
Modified: 2024-11-21
CVE-2013-6888
Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.
- http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=02c6850d973e3e1246fde72edab27f03d63acc52
- [oss-security] 20140106 [notification] CVE-2013-6888: uscan: remote code execution
- 56192
- 56579
- DSA-2836
- 64656
- USN-2084-1
- debian-cve20136888-code-execution(90107)
Modified: 2024-11-21
CVE-2013-7050
The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.
- http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=91f05b5
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849
- 100855
- [oss-security] 20131211 CVE request: devscripts (uscan) command execution flaw
- [oss-security] 20131211 Re: CVE request: devscripts (uscan) command execution flaw
- 64241
- https://bugzilla.redhat.com/show_bug.cgi?id=1040266
- devscripts-cve20137050-command-execution(89666)
Modified: 2024-11-21
CVE-2013-7325
An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.
- http://www.openwall.com/lists/oss-security/2014/02/12/14
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325
- https://security-tracker.debian.org/tracker/CVE-2013-7325
Modified: 2024-11-21
CVE-2015-5704
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
- FEDORA-2015-12699
- FEDORA-2015-12716
- [oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection
- 76143
- https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260
- https://bugzilla.redhat.com/show_bug.cgi?id=1249635
Modified: 2024-11-21
CVE-2015-5705
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
- FEDORA-2015-12699
- FEDORA-2015-12716
- [oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection
- https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260
- https://bugzilla.redhat.com/show_bug.cgi?id=1249645
Closed vulnerabilities
BDU:2019-01774
Vulnerability in the struct library of the Lua subsystem of the Redis database management system that allows an attacker to affect the confidentiality, integrity and availability of protected information
BDU:2019-01775
Vulnerability in the cmsgpack library of the Lua subsystem of the Redis database management system that allows an attacker to affect the confidentiality, integrity and availability of protected information
Modified: 2024-11-21
CVE-2018-11218
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
- http://antirez.com/news/119
- 104553
- RHSA-2019:0052
- RHSA-2019:0094
- RHSA-2019:1860
- https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3
- https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0
- https://github.com/antirez/redis/issues/5017
- https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
- https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
- GLSA-201908-04
- DSA-4230
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Modified: 2024-11-21
CVE-2018-11219
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
- http://antirez.com/news/119
- 104552
- RHSA-2019:0052
- RHSA-2019:0094
- RHSA-2019:1860
- https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3
- https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936
- https://github.com/antirez/redis/issues/5017
- https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
- https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
- GLSA-201908-04
- DSA-4230
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Modified: 2024-11-21
CVE-2018-12326
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
- RHSA-2019:0052
- RHSA-2019:0094
- RHSA-2019:1860
- https://gist.github.com/fakhrizulkifli/f831f40ec6cde4f744c552503d8698f0
- https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50
- https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
- https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
- 44904
Closed bugs
luatex general protection fault