ALT-BU-2019-3538-1
Branch sisyphus update bulletin.
Package libsigc++2 updated to version 2.10.1-alt1.1 for branch sisyphus in task 224161.
Closed bugs
outdated URL
Package libsigc++3 updated to version 2.99.12-alt1.1 for branch sisyphus in task 224161.
Closed bugs
outdated URL
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-18836
An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.
- https://github.com/netdata/netdata/blob/798c141c49ee85bddc8f48f25d2cb593ec96da07/web/api/web_api_v1.c#L388
- https://github.com/netdata/netdata/blob/798c141c49ee85bddc8f48f25d2cb593ec96da07/web/api/web_api_v1.c#L388
- https://github.com/netdata/netdata/blob/798c141c49ee85bddc8f48f25d2cb593ec96da07/web/api/web_api_v1.c#L403
- https://github.com/netdata/netdata/blob/798c141c49ee85bddc8f48f25d2cb593ec96da07/web/api/web_api_v1.c#L403
- https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
- https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
- https://github.com/netdata/netdata/pull/4521
- https://github.com/netdata/netdata/pull/4521
- https://www.red4sec.com/cve/netdata_json_injection.txt
- https://www.red4sec.com/cve/netdata_json_injection.txt
Modified: 2024-11-21
CVE-2018-18837
An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.
- https://github.com/netdata/netdata/blob/798c141c49ee85bddc8f48f25d2cb593ec96da07/web/api/web_api_v1.c#L367-L370
- https://github.com/netdata/netdata/blob/798c141c49ee85bddc8f48f25d2cb593ec96da07/web/api/web_api_v1.c#L367-L370
- https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
- https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
- https://github.com/netdata/netdata/pull/4521
- https://github.com/netdata/netdata/pull/4521
- https://www.red4sec.com/cve/netdata_header_injection.txt
- https://www.red4sec.com/cve/netdata_header_injection.txt
Modified: 2024-11-21
CVE-2018-18838
An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry.
- https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
- https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
- https://github.com/netdata/netdata/pull/4521
- https://github.com/netdata/netdata/pull/4521
- https://www.red4sec.com/cve/netdata_log_injection.txt
- https://www.red4sec.com/cve/netdata_log_injection.txt
Modified: 2024-11-21
CVE-2018-18839
An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional.
- https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
- https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
- https://github.com/netdata/netdata/pull/4521
- https://github.com/netdata/netdata/pull/4521
- https://www.red4sec.com/cve/netdata_fpd.txt
- https://www.red4sec.com/cve/netdata_fpd.txt
Package python-module-mysqlclient updated to version 1.4.2.post1-alt1 for branch sisyphus in task 224076.
Closed bugs
Собрать с provides MySQLdb
Package python-module-mysqlclient-docs updated to version 1.4.2.post1-alt1 for branch sisyphus in task 224076.
Closed bugs
Собрать с provides MySQLdb
Package python3-module-mysqlclient updated to version 1.4.2.post1-alt1 for branch sisyphus in task 224076.
Closed bugs
Собрать с provides MySQLdb
Package python3-module-mysqlclient-docs updated to version 1.4.2.post1-alt1 for branch sisyphus in task 224076.
Closed bugs
Собрать с provides MySQLdb
Closed bugs
Сломана сборка thrift
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-5737
In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1.
- openSUSE-SU-2019:1076
- openSUSE-SU-2019:1076
- openSUSE-SU-2019:1173
- openSUSE-SU-2019:1173
- openSUSE-SU-2019:1211
- openSUSE-SU-2019:1211
- RHSA-2019:1821
- RHSA-2019:1821
- https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
- https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
- GLSA-202003-48
- GLSA-202003-48
- https://security.netapp.com/advisory/ntap-20190502-0008/
- https://security.netapp.com/advisory/ntap-20190502-0008/