ALT-BU-2018-3369-1
Branch p8 update bulletin.
Closed vulnerabilities
BDU:2020-01814
Уязвимость функции open_envvar инструмента для настройки использования пользовательских приложений по умолчанию xdg-open, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность
Modified: 2024-11-21
CVE-2017-18266
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
- https://bugs.freedesktop.org/show_bug.cgi?id=103807
- https://bugs.freedesktop.org/show_bug.cgi?id=103807
- https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=5647afb35e4bcba2060148e1a2a47bc43cc240f2
- https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=5647afb35e4bcba2060148e1a2a47bc43cc240f2
- https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb
- https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb
- https://cgit.freedesktop.org/xdg/xdg-utils/tree/ChangeLog
- https://cgit.freedesktop.org/xdg/xdg-utils/tree/ChangeLog
- [debian-lts-announce] 20180525 [SECURITY] [DLA 1384-1] xdg-utils security update
- [debian-lts-announce] 20180525 [SECURITY] [DLA 1384-1] xdg-utils security update
- USN-3650-1
- USN-3650-1
- DSA-4211
- DSA-4211
Closed vulnerabilities
Modified: 2024-11-21
CVE-2007-0899
There is a possible heap overflow in libclamav/fsg.c before 0.100.0.
Modified: 2024-11-21
CVE-2018-0360
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
- 1041367
- 1041367
- https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
- https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
- [debian-lts-announce] 20180820 [SECURITY] [DLA 1461-1] clamav security update
- [debian-lts-announce] 20180820 [SECURITY] [DLA 1461-1] clamav security update
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-12/
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-12/
- GLSA-201904-12
- GLSA-201904-12
- USN-3722-1
- USN-3722-1
- USN-3722-2
- USN-3722-2
Modified: 2024-11-21
CVE-2018-0361
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
- 1041367
- 1041367
- https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
- https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
- [debian-lts-announce] 20180820 [SECURITY] [DLA 1461-1] clamav security update
- [debian-lts-announce] 20180820 [SECURITY] [DLA 1461-1] clamav security update
- GLSA-201904-12
- GLSA-201904-12
Closed bugs
Обновить clamav