ALT-BU-2018-3616-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2017-01815
Уязвимость функции crc32_big библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2017-01816
Уязвимость компонента Inffast библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2017-02382
Уязвимость компонента inftrees библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2017-02383
Уязвимость функции inflateMark библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Modified: 2025-04-20
CVE-2016-9840
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
- http://www.openwall.com/lists/oss-security/2016/12/05/21
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/95131
- http://www.securitytracker.com/id/1039427
- https://access.redhat.com/errata/RHSA-2017:1220
- https://access.redhat.com/errata/RHSA-2017:1221
- https://access.redhat.com/errata/RHSA-2017:1222
- https://access.redhat.com/errata/RHSA-2017:2999
- https://access.redhat.com/errata/RHSA-2017:3046
- https://access.redhat.com/errata/RHSA-2017:3047
- https://access.redhat.com/errata/RHSA-2017:3453
- https://bugzilla.redhat.com/show_bug.cgi?id=1402345
- https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
- https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
- https://security.gentoo.org/glsa/201701-56
- https://security.gentoo.org/glsa/202007-54
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://usn.ubuntu.com/4246-1/
- https://usn.ubuntu.com/4292-1/
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://www.oracle.com/security-alerts/cpujul2020.html
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
- http://www.openwall.com/lists/oss-security/2016/12/05/21
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/95131
- http://www.securitytracker.com/id/1039427
- https://access.redhat.com/errata/RHSA-2017:1220
- https://access.redhat.com/errata/RHSA-2017:1221
- https://access.redhat.com/errata/RHSA-2017:1222
- https://access.redhat.com/errata/RHSA-2017:2999
- https://access.redhat.com/errata/RHSA-2017:3046
- https://access.redhat.com/errata/RHSA-2017:3047
- https://access.redhat.com/errata/RHSA-2017:3453
- https://bugzilla.redhat.com/show_bug.cgi?id=1402345
- https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
- https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
- https://security.gentoo.org/glsa/201701-56
- https://security.gentoo.org/glsa/202007-54
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://usn.ubuntu.com/4246-1/
- https://usn.ubuntu.com/4292-1/
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://www.oracle.com/security-alerts/cpujul2020.html
Modified: 2025-04-20
CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
- http://www.openwall.com/lists/oss-security/2016/12/05/21
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/95131
- http://www.securitytracker.com/id/1039427
- http://www.securitytracker.com/id/1039596
- https://access.redhat.com/errata/RHSA-2017:1220
- https://access.redhat.com/errata/RHSA-2017:1221
- https://access.redhat.com/errata/RHSA-2017:1222
- https://access.redhat.com/errata/RHSA-2017:2999
- https://access.redhat.com/errata/RHSA-2017:3046
- https://access.redhat.com/errata/RHSA-2017:3047
- https://access.redhat.com/errata/RHSA-2017:3453
- https://bugzilla.redhat.com/show_bug.cgi?id=1402346
- https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
- https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
- https://security.gentoo.org/glsa/201701-56
- https://security.gentoo.org/glsa/202007-54
- https://security.netapp.com/advisory/ntap-20171019-0001/
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://usn.ubuntu.com/4246-1/
- https://usn.ubuntu.com/4292-1/
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://www.oracle.com/security-alerts/cpujul2020.html
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
- http://www.openwall.com/lists/oss-security/2016/12/05/21
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/95131
- http://www.securitytracker.com/id/1039427
- http://www.securitytracker.com/id/1039596
- https://access.redhat.com/errata/RHSA-2017:1220
- https://access.redhat.com/errata/RHSA-2017:1221
- https://access.redhat.com/errata/RHSA-2017:1222
- https://access.redhat.com/errata/RHSA-2017:2999
- https://access.redhat.com/errata/RHSA-2017:3046
- https://access.redhat.com/errata/RHSA-2017:3047
- https://access.redhat.com/errata/RHSA-2017:3453
- https://bugzilla.redhat.com/show_bug.cgi?id=1402346
- https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
- https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
- https://security.gentoo.org/glsa/201701-56
- https://security.gentoo.org/glsa/202007-54
- https://security.netapp.com/advisory/ntap-20171019-0001/
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://usn.ubuntu.com/4246-1/
- https://usn.ubuntu.com/4292-1/
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://www.oracle.com/security-alerts/cpujul2020.html
Modified: 2025-04-20
CVE-2016-9842
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
- http://www.openwall.com/lists/oss-security/2016/12/05/21
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/95131
- http://www.securitytracker.com/id/1039427
- https://access.redhat.com/errata/RHSA-2017:1220
- https://access.redhat.com/errata/RHSA-2017:1221
- https://access.redhat.com/errata/RHSA-2017:1222
- https://access.redhat.com/errata/RHSA-2017:2999
- https://access.redhat.com/errata/RHSA-2017:3046
- https://access.redhat.com/errata/RHSA-2017:3047
- https://access.redhat.com/errata/RHSA-2017:3453
- https://bugzilla.redhat.com/show_bug.cgi?id=1402348
- https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
- https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
- https://security.gentoo.org/glsa/201701-56
- https://security.gentoo.org/glsa/202007-54
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://usn.ubuntu.com/4246-1/
- https://usn.ubuntu.com/4292-1/
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://www.oracle.com/security-alerts/cpujul2020.html
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
- http://www.openwall.com/lists/oss-security/2016/12/05/21
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/95131
- http://www.securitytracker.com/id/1039427
- https://access.redhat.com/errata/RHSA-2017:1220
- https://access.redhat.com/errata/RHSA-2017:1221
- https://access.redhat.com/errata/RHSA-2017:1222
- https://access.redhat.com/errata/RHSA-2017:2999
- https://access.redhat.com/errata/RHSA-2017:3046
- https://access.redhat.com/errata/RHSA-2017:3047
- https://access.redhat.com/errata/RHSA-2017:3453
- https://bugzilla.redhat.com/show_bug.cgi?id=1402348
- https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
- https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
- https://security.gentoo.org/glsa/201701-56
- https://security.gentoo.org/glsa/202007-54
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://usn.ubuntu.com/4246-1/
- https://usn.ubuntu.com/4292-1/
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://www.oracle.com/security-alerts/cpujul2020.html
Modified: 2025-04-20
CVE-2016-9843
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
- http://www.openwall.com/lists/oss-security/2016/12/05/21
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/95131
- http://www.securitytracker.com/id/1039427
- http://www.securitytracker.com/id/1041888
- https://access.redhat.com/errata/RHSA-2017:1220
- https://access.redhat.com/errata/RHSA-2017:1221
- https://access.redhat.com/errata/RHSA-2017:1222
- https://access.redhat.com/errata/RHSA-2017:2999
- https://access.redhat.com/errata/RHSA-2017:3046
- https://access.redhat.com/errata/RHSA-2017:3047
- https://access.redhat.com/errata/RHSA-2017:3453
- https://bugzilla.redhat.com/show_bug.cgi?id=1402351
- https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
- https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
- https://security.gentoo.org/glsa/201701-56
- https://security.gentoo.org/glsa/202007-54
- https://security.netapp.com/advisory/ntap-20181018-0002/
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://usn.ubuntu.com/4246-1/
- https://usn.ubuntu.com/4292-1/
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://www.oracle.com/security-alerts/cpujul2020.html
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
- http://www.openwall.com/lists/oss-security/2016/12/05/21
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/95131
- http://www.securitytracker.com/id/1039427
- http://www.securitytracker.com/id/1041888
- https://access.redhat.com/errata/RHSA-2017:1220
- https://access.redhat.com/errata/RHSA-2017:1221
- https://access.redhat.com/errata/RHSA-2017:1222
- https://access.redhat.com/errata/RHSA-2017:2999
- https://access.redhat.com/errata/RHSA-2017:3046
- https://access.redhat.com/errata/RHSA-2017:3047
- https://access.redhat.com/errata/RHSA-2017:3453
- https://bugzilla.redhat.com/show_bug.cgi?id=1402351
- https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
- https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
- https://security.gentoo.org/glsa/201701-56
- https://security.gentoo.org/glsa/202007-54
- https://security.netapp.com/advisory/ntap-20181018-0002/
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://usn.ubuntu.com/4246-1/
- https://usn.ubuntu.com/4292-1/
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://www.oracle.com/security-alerts/cpujul2020.html
Closed bugs
remove %_includedir/minizip/crypt.h
Closed vulnerabilities
BDU:2019-00571
Уязвимость функции getaddrinfo библиотеки libc6, позволяющая нарушителю вызвать исчерпание оперативной памяти в целевой системе
Modified: 2024-11-21
CVE-2018-19591
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.
- http://www.securityfocus.com/bid/106037
- http://www.securitytracker.com/id/1042174
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO7WHN52GFMC5F2I2232GFIPSSXWFV7G/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M52KE4YR3GNMHQUOS3DKAGZD5TQ5D5UH/
- https://security.gentoo.org/glsa/201903-09
- https://security.gentoo.org/glsa/201908-06
- https://security.netapp.com/advisory/ntap-20190321-0003/
- https://sourceware.org/bugzilla/show_bug.cgi?id=23927
- https://sourceware.org/git/?p=glibc.git%3Ba=blob_plain%3Bf=NEWS%3Bhb=HEAD
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=d527c860f5a3f0ed687bd03f0cb464612dc23408
- https://usn.ubuntu.com/4416-1/
- http://www.securityfocus.com/bid/106037
- http://www.securitytracker.com/id/1042174
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO7WHN52GFMC5F2I2232GFIPSSXWFV7G/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M52KE4YR3GNMHQUOS3DKAGZD5TQ5D5UH/
- https://security.gentoo.org/glsa/201903-09
- https://security.gentoo.org/glsa/201908-06
- https://security.netapp.com/advisory/ntap-20190321-0003/
- https://sourceware.org/bugzilla/show_bug.cgi?id=23927
- https://sourceware.org/git/?p=glibc.git%3Ba=blob_plain%3Bf=NEWS%3Bhb=HEAD
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=d527c860f5a3f0ed687bd03f0cb464612dc23408
- https://usn.ubuntu.com/4416-1/
Package kernel-image-std-debug updated to version 4.14.85-alt1 for branch sisyphus in task 217182.
Closed vulnerabilities
BDU:2015-07788
Уязвимость операционной системы Red Hat Linux, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07831
Уязвимость операционной системы Red Hat Linux, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2020-02817
Уязвимость программы для установки SSL сертификатов в стандартизированной инструментарии Linux Sblim-sfcb, связанная с неверным определением ссылки перед доступом к файлу, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2020-02841
Уязвимость агента обновления Novell ZENworks Patch Management клиента обновления PatchLink, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2020-02848
Уязвимость функции sysstat.in утилиты для измерения и анализа производительности системы sysstat, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2020-02951
Уязвимость функции GetInstalledPackages менеджера установки Application Lifestyle Management, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании или оказать воздействие на целостность данных
BDU:2020-02957
Уязвимость модуля modules/serverdensity_device.py системы управления конфигураций и удаленного выполнения операций SaltStack, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании или оказать воздействие на целостность данных
BDU:2020-02959
Уязвимость компонента consoleinst.sh менеджера установки Installation Manager IBM, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании или оказать воздействие на целостность данных
Modified: 2025-04-03
CVE-2000-1134
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:76.tcsh-csh.asc
- ftp://patches.sgi.com/support/free/security/advisories/20011103-02-P
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0418.html
- http://archives.neohapsis.com/archives/tru64/2002-q1/0009.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000350
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000354
- http://marc.info/?l=bugtraq&m=97561816504170&w=2
- http://www.calderasystems.com/support/security/advisories/CSSA-2000-042.0.txt
- http://www.calderasystems.com/support/security/advisories/CSSA-2000-043.0.txt
- http://www.debian.org/security/2000/20001111a
- http://www.kb.cert.org/vuls/id/10277
- http://www.linux-mandrake.com/en/security/MDKSA-2000-069.php3
- http://www.linux-mandrake.com/en/security/MDKSA-2000-075.php3
- http://www.redhat.com/support/errata/RHSA-2000-117.html
- http://www.redhat.com/support/errata/RHSA-2000-121.html
- http://www.securityfocus.com/archive/1/146657
- http://www.securityfocus.com/bid/1926
- http://www.securityfocus.com/bid/2006
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4047
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:76.tcsh-csh.asc
- ftp://patches.sgi.com/support/free/security/advisories/20011103-02-P
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0418.html
- http://archives.neohapsis.com/archives/tru64/2002-q1/0009.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000350
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000354
- http://marc.info/?l=bugtraq&m=97561816504170&w=2
- http://www.calderasystems.com/support/security/advisories/CSSA-2000-042.0.txt
- http://www.calderasystems.com/support/security/advisories/CSSA-2000-043.0.txt
- http://www.debian.org/security/2000/20001111a
- http://www.kb.cert.org/vuls/id/10277
- http://www.linux-mandrake.com/en/security/MDKSA-2000-069.php3
- http://www.linux-mandrake.com/en/security/MDKSA-2000-075.php3
- http://www.redhat.com/support/errata/RHSA-2000-117.html
- http://www.redhat.com/support/errata/RHSA-2000-121.html
- http://www.securityfocus.com/archive/1/146657
- http://www.securityfocus.com/bid/1926
- http://www.securityfocus.com/bid/2006
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4047
Modified: 2025-04-09
CVE-2007-3852
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
- http://osvdb.org/39709
- http://secunia.com/advisories/26527
- http://www.redhat.com/support/errata/RHSA-2011-1005.html
- http://www.securityfocus.com/bid/25380
- https://bugs.gentoo.org/show_bug.cgi?id=188808
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36045
- http://osvdb.org/39709
- http://secunia.com/advisories/26527
- http://www.redhat.com/support/errata/RHSA-2011-1005.html
- http://www.securityfocus.com/bid/25380
- https://bugs.gentoo.org/show_bug.cgi?id=188808
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36045
Modified: 2025-04-09
CVE-2008-0525
PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.
- http://secunia.com/advisories/28657
- http://secunia.com/advisories/28665
- http://securityreason.com/securityalert/3599
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=527
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=528
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=530
- http://www.securityfocus.com/archive/1/487103/100/0/threaded
- http://www.securityfocus.com/bid/27458
- http://www.securitytracker.com/id?1019272
- http://www.vupen.com/english/advisories/2008/0426
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39956
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39958
- https://secure-support.novell.com/KanisaPlatform/Publishing/18/3908994_f.SAL_Public.html
- http://secunia.com/advisories/28657
- http://secunia.com/advisories/28665
- http://securityreason.com/securityalert/3599
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=527
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=528
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=530
- http://www.securityfocus.com/archive/1/487103/100/0/threaded
- http://www.securityfocus.com/bid/27458
- http://www.securitytracker.com/id?1019272
- http://www.vupen.com/english/advisories/2008/0426
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39956
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39958
- https://secure-support.novell.com/KanisaPlatform/Publishing/18/3908994_f.SAL_Public.html
Modified: 2025-04-09
CVE-2009-0416
The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files.
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://osvdb.org/51783
- http://secunia.com/advisories/33795
- http://sourceforge.net/forum/forum.php?forum_id=874261
- http://sourceforge.net/tracker/index.php?func=detail&aid=2561165&group_id=128809&atid=712784
- http://www.securityfocus.com/bid/33583
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://osvdb.org/51783
- http://secunia.com/advisories/33795
- http://sourceforge.net/forum/forum.php?forum_id=874261
- http://sourceforge.net/tracker/index.php?func=detail&aid=2561165&group_id=128809&atid=712784
- http://www.securityfocus.com/bid/33583
Modified: 2025-04-11
CVE-2011-4834
The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.
- http://0a29.blogspot.com/2011/12/0a29-11-2-privilege-escalation.html
- http://secunia.com/advisories/47040
- http://www.securityfocus.com/archive/1/520783/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71698
- http://0a29.blogspot.com/2011/12/0a29-11-2-privilege-escalation.html
- http://secunia.com/advisories/47040
- http://www.securityfocus.com/archive/1/520783/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71698
Modified: 2025-04-20
CVE-2015-1838
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1212784
- https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html
- https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1212784
- https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html
- https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c
Modified: 2025-04-12
CVE-2015-7442
consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.
Modified: 2025-04-12
CVE-2016-7489
Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution.
Package kernel-image-std-def updated to version 4.14.85-alt1 for branch sisyphus in task 217183.
Closed vulnerabilities
BDU:2015-07788
Уязвимость операционной системы Red Hat Linux, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07831
Уязвимость операционной системы Red Hat Linux, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2020-02817
Уязвимость программы для установки SSL сертификатов в стандартизированной инструментарии Linux Sblim-sfcb, связанная с неверным определением ссылки перед доступом к файлу, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2020-02841
Уязвимость агента обновления Novell ZENworks Patch Management клиента обновления PatchLink, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2020-02848
Уязвимость функции sysstat.in утилиты для измерения и анализа производительности системы sysstat, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2020-02951
Уязвимость функции GetInstalledPackages менеджера установки Application Lifestyle Management, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании или оказать воздействие на целостность данных
BDU:2020-02957
Уязвимость модуля modules/serverdensity_device.py системы управления конфигураций и удаленного выполнения операций SaltStack, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании или оказать воздействие на целостность данных
BDU:2020-02959
Уязвимость компонента consoleinst.sh менеджера установки Installation Manager IBM, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании или оказать воздействие на целостность данных
Modified: 2025-04-03
CVE-2000-1134
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:76.tcsh-csh.asc
- ftp://patches.sgi.com/support/free/security/advisories/20011103-02-P
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0418.html
- http://archives.neohapsis.com/archives/tru64/2002-q1/0009.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000350
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000354
- http://marc.info/?l=bugtraq&m=97561816504170&w=2
- http://www.calderasystems.com/support/security/advisories/CSSA-2000-042.0.txt
- http://www.calderasystems.com/support/security/advisories/CSSA-2000-043.0.txt
- http://www.debian.org/security/2000/20001111a
- http://www.kb.cert.org/vuls/id/10277
- http://www.linux-mandrake.com/en/security/MDKSA-2000-069.php3
- http://www.linux-mandrake.com/en/security/MDKSA-2000-075.php3
- http://www.redhat.com/support/errata/RHSA-2000-117.html
- http://www.redhat.com/support/errata/RHSA-2000-121.html
- http://www.securityfocus.com/archive/1/146657
- http://www.securityfocus.com/bid/1926
- http://www.securityfocus.com/bid/2006
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4047
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:76.tcsh-csh.asc
- ftp://patches.sgi.com/support/free/security/advisories/20011103-02-P
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0418.html
- http://archives.neohapsis.com/archives/tru64/2002-q1/0009.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000350
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000354
- http://marc.info/?l=bugtraq&m=97561816504170&w=2
- http://www.calderasystems.com/support/security/advisories/CSSA-2000-042.0.txt
- http://www.calderasystems.com/support/security/advisories/CSSA-2000-043.0.txt
- http://www.debian.org/security/2000/20001111a
- http://www.kb.cert.org/vuls/id/10277
- http://www.linux-mandrake.com/en/security/MDKSA-2000-069.php3
- http://www.linux-mandrake.com/en/security/MDKSA-2000-075.php3
- http://www.redhat.com/support/errata/RHSA-2000-117.html
- http://www.redhat.com/support/errata/RHSA-2000-121.html
- http://www.securityfocus.com/archive/1/146657
- http://www.securityfocus.com/bid/1926
- http://www.securityfocus.com/bid/2006
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4047
Modified: 2025-04-09
CVE-2007-3852
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
- http://osvdb.org/39709
- http://secunia.com/advisories/26527
- http://www.redhat.com/support/errata/RHSA-2011-1005.html
- http://www.securityfocus.com/bid/25380
- https://bugs.gentoo.org/show_bug.cgi?id=188808
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36045
- http://osvdb.org/39709
- http://secunia.com/advisories/26527
- http://www.redhat.com/support/errata/RHSA-2011-1005.html
- http://www.securityfocus.com/bid/25380
- https://bugs.gentoo.org/show_bug.cgi?id=188808
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36045
Modified: 2025-04-09
CVE-2008-0525
PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.
- http://secunia.com/advisories/28657
- http://secunia.com/advisories/28665
- http://securityreason.com/securityalert/3599
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=527
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=528
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=530
- http://www.securityfocus.com/archive/1/487103/100/0/threaded
- http://www.securityfocus.com/bid/27458
- http://www.securitytracker.com/id?1019272
- http://www.vupen.com/english/advisories/2008/0426
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39956
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39958
- https://secure-support.novell.com/KanisaPlatform/Publishing/18/3908994_f.SAL_Public.html
- http://secunia.com/advisories/28657
- http://secunia.com/advisories/28665
- http://securityreason.com/securityalert/3599
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=527
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=528
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=530
- http://www.securityfocus.com/archive/1/487103/100/0/threaded
- http://www.securityfocus.com/bid/27458
- http://www.securitytracker.com/id?1019272
- http://www.vupen.com/english/advisories/2008/0426
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39956
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39958
- https://secure-support.novell.com/KanisaPlatform/Publishing/18/3908994_f.SAL_Public.html
Modified: 2025-04-09
CVE-2009-0416
The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files.
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://osvdb.org/51783
- http://secunia.com/advisories/33795
- http://sourceforge.net/forum/forum.php?forum_id=874261
- http://sourceforge.net/tracker/index.php?func=detail&aid=2561165&group_id=128809&atid=712784
- http://www.securityfocus.com/bid/33583
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://osvdb.org/51783
- http://secunia.com/advisories/33795
- http://sourceforge.net/forum/forum.php?forum_id=874261
- http://sourceforge.net/tracker/index.php?func=detail&aid=2561165&group_id=128809&atid=712784
- http://www.securityfocus.com/bid/33583
Modified: 2025-04-11
CVE-2011-4834
The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.
- http://0a29.blogspot.com/2011/12/0a29-11-2-privilege-escalation.html
- http://secunia.com/advisories/47040
- http://www.securityfocus.com/archive/1/520783/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71698
- http://0a29.blogspot.com/2011/12/0a29-11-2-privilege-escalation.html
- http://secunia.com/advisories/47040
- http://www.securityfocus.com/archive/1/520783/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71698
Modified: 2025-04-20
CVE-2015-1838
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1212784
- https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html
- https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1212784
- https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html
- https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c
Modified: 2025-04-12
CVE-2015-7442
consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.
Modified: 2025-04-12
CVE-2016-7489
Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution.