ALT-BU-2018-3441-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2019-00441
Уязвимость функции write_validate_array_item() («demarshal.py») системы рендеринга удаленного виртуального «рабочего стола» SPICE (the Simple Protocol for Independent Computing Environments), связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
- 105152
- 105152
- RHSA-2018:2731
- RHSA-2018:2731
- RHSA-2018:2732
- RHSA-2018:2732
- RHSA-2018:3470
- RHSA-2018:3470
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873
- https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
- https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
- [debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] spice security update
- [debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] spice security update
- [debian-lts-announce] 20180831 [SECURITY] [DLA 1486-1] spice security update
- [debian-lts-announce] 20180831 [SECURITY] [DLA 1486-1] spice security update
- [debian-lts-announce] 20180831 [SECURITY] [DLA 1489-1] spice-gtk security update
- [debian-lts-announce] 20180831 [SECURITY] [DLA 1489-1] spice-gtk security update
- USN-3751-1
- USN-3751-1
- DSA-4319
- DSA-4319
Closed bugs
Новый freeipa-client выносит openntpd из системы
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-1782
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.
- FEDORA-2015-3757
- FEDORA-2015-3757
- FEDORA-2015-3797
- FEDORA-2015-3797
- FEDORA-2015-3791
- FEDORA-2015-3791
- DSA-3182
- DSA-3182
- http://www.libssh2.org/adv_20150311.html
- http://www.libssh2.org/adv_20150311.html
- MDVSA-2015:148
- MDVSA-2015:148
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 73061
- 73061
Modified: 2024-11-21
CVE-2016-0787
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
- FEDORA-2016-215a2219b1
- FEDORA-2016-215a2219b1
- FEDORA-2016-7942ee2cc5
- FEDORA-2016-7942ee2cc5
- openSUSE-SU-2016:0639
- openSUSE-SU-2016:0639
- DSA-3487
- DSA-3487
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- 82514
- 82514
- https://bto.bluecoat.com/security-advisory/sa120
- https://bto.bluecoat.com/security-advisory/sa120
- https://kc.mcafee.com/corporate/index?page=content&id=SB10156
- https://kc.mcafee.com/corporate/index?page=content&id=SB10156
- https://puppet.com/security/cve/CVE-2016-0787
- https://puppet.com/security/cve/CVE-2016-0787
- GLSA-201606-12
- GLSA-201606-12
- https://www.libssh2.org/adv_20160223.html
- https://www.libssh2.org/adv_20160223.html
- https://www.libssh2.org/CVE-2016-0787.patch
- https://www.libssh2.org/CVE-2016-0787.patch