ALT-BU-2019-3501-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2019-01413
Уязвимость функции bus_process_object() подсистемы инициализации операционных систем Linux Systemd, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2019-6454
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
- SUSE-SA:2019:0255-1
- openSUSE-SU-2019:1450
- [oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message
- [oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message
- [oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)
- 107081
- RHSA-2019:0368
- RHSA-2019:0990
- RHSA-2019:1322
- RHSA-2019:1502
- RHSA-2019:2805
- https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c
- https://kc.mcafee.com/corporate/index?page=content&id=SB10278
- [SECURITY] [DLA 1684-1] 20190219 systemd security update
- FEDORA-2019-8434288a24
- https://security.netapp.com/advisory/ntap-20190327-0004/
- USN-3891-1
- DSA-4393-1
- SUSE-SA:2019:0255-1
- DSA-4393-1
- USN-3891-1
- https://security.netapp.com/advisory/ntap-20190327-0004/
- FEDORA-2019-8434288a24
- [SECURITY] [DLA 1684-1] 20190219 systemd security update
- https://kc.mcafee.com/corporate/index?page=content&id=SB10278
- https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c
- RHSA-2019:2805
- RHSA-2019:1502
- RHSA-2019:1322
- RHSA-2019:0990
- RHSA-2019:0368
- 107081
- [oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)
- [oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message
- [oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message
- openSUSE-SU-2019:1450
Closed bugs
значок flameshot не появляется в панели задач
Closed bugs
pulse plugin doesn't work
Closed vulnerabilities
BDU:2019-00013
Уязвимость графической библиотеки Skia веб-браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2019-01571
Уязвимость библиотеки Skia используемой веб-браузеров Firefox, Firefox ESR и программы для работы с электронной почтой Thunderbird, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-00759
Уязвимость метода TransferFromImageBitmap почтового клиента Thunderbird и браузеров Firefox и Firefox ESR, связанная с возможностью чтения элемента canvas, игнорируя политику безопасности, позволяющая нарушителю получить несанкционированный доступ к информации
Modified: 2024-11-21
CVE-2018-18356
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- openSUSE-SU-2019:1162
- openSUSE-SU-2019:1162
- 106084
- 106084
- RHSA-2018:3803
- RHSA-2018:3803
- RHSA-2019:0373
- RHSA-2019:0373
- RHSA-2019:0374
- RHSA-2019:0374
- RHSA-2019:1144
- RHSA-2019:1144
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://crbug.com/883666
- https://crbug.com/883666
- [debian-lts-announce] 20190215 [SECURITY] [DLA 1677-1] firefox-esr security update
- [debian-lts-announce] 20190215 [SECURITY] [DLA 1677-1] firefox-esr security update
- [debian-lts-announce] 20190216 [SECURITY] [DLA 1678-1] thunderbird security update
- [debian-lts-announce] 20190216 [SECURITY] [DLA 1678-1] thunderbird security update
- GLSA-201903-04
- GLSA-201903-04
- GLSA-201904-07
- GLSA-201904-07
- GLSA-201908-18
- GLSA-201908-18
- USN-3896-1
- USN-3896-1
- USN-3897-1
- USN-3897-1
- DSA-4352
- DSA-4352
- DSA-4391
- DSA-4391
- DSA-4392
- DSA-4392
Modified: 2024-11-21
CVE-2018-18511
Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1.
- openSUSE-SU-2019:1484
- openSUSE-SU-2019:1484
- openSUSE-SU-2019:1534
- openSUSE-SU-2019:1534
- openSUSE-SU-2019:1664
- openSUSE-SU-2019:1664
- RHSA-2019:1265
- RHSA-2019:1265
- RHSA-2019:1267
- RHSA-2019:1267
- RHSA-2019:1269
- RHSA-2019:1269
- RHSA-2019:1308
- RHSA-2019:1308
- RHSA-2019:1309
- RHSA-2019:1309
- RHSA-2019:1310
- RHSA-2019:1310
- https://bugzilla.mozilla.org/show_bug.cgi?id=1526218
- https://bugzilla.mozilla.org/show_bug.cgi?id=1526218
- [debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update
- [debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update
- [debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update
- [debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update
- 20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)
- 20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)
- 20190523 [SECURITY] [DSA 4448-1] firefox-esr security update
- 20190523 [SECURITY] [DSA 4448-1] firefox-esr security update
- 20190527 [SECURITY] [DSA 4451-1] thunderbird security update
- 20190527 [SECURITY] [DSA 4451-1] thunderbird security update
- USN-3997-1
- USN-3997-1
- DSA-4448
- DSA-4448
- DSA-4451
- DSA-4451
- https://www.mozilla.org/security/advisories/mfsa2019-04/
- https://www.mozilla.org/security/advisories/mfsa2019-04/
Modified: 2024-11-21
CVE-2019-5785
Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Package LibreOffice updated to version 6.2.1.1-alt1 for branch sisyphus in task 222022.
Closed bugs
Education is not hacked out properly from math.desktop
LibreOffice-gtk3: неверные Obsoletes/Provides на LibreOffice-gnome
Ошибочно добавленные vcl gtk* в LibreOffice-common
Стал требовать KDE framework 5
Зауженные шрифты в диалогах 6.2