ALT Linux Team

Branch sisyphus update on 2018-07-18

2018-07-18

ALT-BU-2018-3358-2

Branch sisyphus update bulletin.

ALT-PU-2018-2026-1

Package curl updated to version 7.61.0-alt1.S1 for branch sisyphus in task 210345.

Closed vulnerabilities

Published: 2018-07-11
Modified: 2024-11-21

CVE-2018-0500

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2018-2027-1

Package moodle3.3 updated to version 3.3.3-alt2 for branch sisyphus in task 210205.

Closed bugs

Bug #34984

Old "Allow from all"

ALT-PU-2018-2029-1

Package kernel-image-std-def updated to version 4.14.56-alt1 for branch sisyphus in task 210366.

Closed vulnerabilities

Published: 2019-03-12
Modified: 2024-12-03

BDU:2019-00979

Уязвимость файла drivers/usb/misc/yurex.c ядра операционной системы Linux, позволяющая нарушителю вызвать сбой в работе ядра операционной системы или повысить привилегии

Severity: HIGH (7.8)Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2018-08-31
Modified: 2024-11-21

CVE-2018-16276

An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top