ALT Linux Team

Branch sisyphus update on 2018-12-30

2018-12-30

ALT-BU-2018-3671-1

Branch sisyphus update bulletin.

ALT-PU-2018-2982-1

Package vlc updated to version 3.0.5.1-alt1 for branch sisyphus in task 218755.

Closed vulnerabilities

Published: 2018-12-06

BDU:2019-01262

Уязвимость демультиплексера CAF медиа плеера VideoLAN VLC, связанная с доступом к неинициализированному указателю, позволяющая нарушителю вызвать отказ в обслуживании и/или получить доступ к конфиденциальным данным

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
Published: 2018-12-05
Modified: 2024-11-21

CVE-2018-19857

The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.

Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:

ALT-PU-2018-2984-1

Package zstd updated to version 1.3.8-alt1 for branch sisyphus in task 218803.

Closed vulnerabilities

Published: 2019-07-25

BDU:2019-03229

Уязвимость функции сжатия библиотеки для сжатия данных Zstandard, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.1) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-07-26
Modified: 2024-11-21

CVE-2019-11922

A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top