2018-07-28
ALT-BU-2018-3373-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2020-09-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-17145
Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145
- https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145
- https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md
- https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md
- https://invdos.net
- https://invdos.net
- https://invdos.net/paper/CVE-2018-17145.pdf
- https://invdos.net/paper/CVE-2018-17145.pdf
Package accountsservice updated to version 0.6.50-alt1.S1 for branch sisyphus in task 210846.
Closed vulnerabilities
Published: 2018-07-13
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-14036
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
Severity: MEDIUM (6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
- http://www.openwall.com/lists/oss-security/2018/07/02/2
- http://www.openwall.com/lists/oss-security/2018/07/02/2
- 104757
- 104757
- https://bugs.freedesktop.org/show_bug.cgi?id=107085
- https://bugs.freedesktop.org/show_bug.cgi?id=107085
- https://bugzilla.suse.com/show_bug.cgi?id=1099699
- https://bugzilla.suse.com/show_bug.cgi?id=1099699
- https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a
- https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a