ALT Linux Team

Branch sisyphus update on 2018-12-04

2018-12-04

ALT-BU-2018-3619-2

Branch sisyphus update bulletin.

ALT-PU-2018-2756-1

Package blender updated to version 2.79b-alt6 for branch sisyphus in task 217215.

Closed bugs

Bug #35699

Сломалась сборка

ALT-PU-2018-2757-1

Package gwibber updated to version 3.6.0-alt1 for branch sisyphus in task 217221.

Closed bugs

Bug #26181

Прошу собрать новую версию gwibber

ALT-PU-2018-2759-1

Package setools updated to version 4.1.1-alt2 for branch sisyphus in task 217216.

Closed bugs

Bug #35695

Сломалась сборка

ALT-PU-2018-2763-1

Package wireshark updated to version 2.6.5-alt1 for branch sisyphus in task 217231.

Closed vulnerabilities

Published: 2018-08-21

BDU:2019-00923

Уязвимость LBMPDM диссектора анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2018-10-31

BDU:2019-00924

Уязвимость MMSE диссектора анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2018-11-28

BDU:2019-00959

Уязвимость компонента IxVeriWave анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2018-11-28

BDU:2019-01272

Уязвимость программы-анализатора трафика Wireshark, связанная с чтением за пределами границ в памяти, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2018-11-28

BDU:2019-01273

Уязвимость программы-анализатора трафика Wireshark, связанная с чтением за пределами границ в памяти, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2018-11-29
Modified: 2024-11-21

CVE-2018-19622

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2018-11-29
Modified: 2024-11-21

CVE-2018-19623

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2018-11-29
Modified: 2024-11-21

CVE-2018-19624

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2018-11-29
Modified: 2024-11-21

CVE-2018-19625

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2018-11-29
Modified: 2024-11-21

CVE-2018-19626

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2018-11-29
Modified: 2024-11-21

CVE-2018-19627

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2018-11-29
Modified: 2024-11-21

CVE-2018-19628

In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

Closed bugs

Bug #29869

отсутствует devel пакет

ALT-PU-2018-2764-1

Package memcached updated to version 1.5.12-alt1 for branch sisyphus in task 217068.

Closed vulnerabilities

Published: 2018-03-05
Modified: 2024-11-21

CVE-2018-1000115

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2018-3673-1

Package tinyxml2 updated to version 7.0.1-alt1 for branch sisyphus in task 217235.

Closed vulnerabilities

Published: 2018-05-16
Modified: 2024-11-21

CVE-2018-11210

TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top