ALT-BU-2019-3557-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2015-03334
Уязвимости операционной системы Debian GNU/Linux, позволяющие локальному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2025-04-11
CVE-2013-4362
WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function.
- http://osvdb.org/97416
- http://osvdb.org/97417
- http://savannah.nongnu.org/bugs/?40034
- http://seclists.org/oss-sec/2013/q3/627
- http://www.debian.org/security/2013/dsa-2765
- http://www.securityfocus.com/bid/62445
- https://security.gentoo.org/glsa/201612-02
- http://osvdb.org/97416
- http://osvdb.org/97417
- http://savannah.nongnu.org/bugs/?40034
- http://seclists.org/oss-sec/2013/q3/627
- http://www.debian.org/security/2013/dsa-2765
- http://www.securityfocus.com/bid/62445
- https://security.gentoo.org/glsa/201612-02
Package lightdm-gtk-greeter updated to version 2.0.1-alt13 for branch sisyphus in task 225215.
Closed bugs
greeter-hide-users=true скрывает вообще указание пользователя
Package libfreetype updated to version 2.10.0-alt1 for branch sisyphus in task 225205.
Closed bugs
Обновление libfreetype
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-2625
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
- http://www.securityfocus.com/bid/96480
- http://www.securitytracker.com/id/1037919
- https://access.redhat.com/errata/RHSA-2017:1865
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625
- https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f
- https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html
- https://security.gentoo.org/glsa/201704-03
- https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
- http://www.securityfocus.com/bid/96480
- http://www.securitytracker.com/id/1037919
- https://access.redhat.com/errata/RHSA-2017:1865
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625
- https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f
- https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html
- https://security.gentoo.org/glsa/201704-03
- https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
Closed vulnerabilities
Modified: 2025-04-12
CVE-2016-7947
Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.
- http://www.openwall.com/lists/oss-security/2016/10/04/2
- http://www.openwall.com/lists/oss-security/2016/10/04/4
- http://www.securityfocus.com/bid/93365
- http://www.securitytracker.com/id/1036945
- https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74FFOHWYIKQZTJLRJWDMJ4W3WYBELUUG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7662OZWCSTLRPKS6R3E4Y4M26BSVAAM/
- https://lists.x.org/archives/xorg-announce/2016-October/002720.html
- https://security.gentoo.org/glsa/201704-03
- http://www.openwall.com/lists/oss-security/2016/10/04/2
- http://www.openwall.com/lists/oss-security/2016/10/04/4
- http://www.securityfocus.com/bid/93365
- http://www.securitytracker.com/id/1036945
- https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74FFOHWYIKQZTJLRJWDMJ4W3WYBELUUG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7662OZWCSTLRPKS6R3E4Y4M26BSVAAM/
- https://lists.x.org/archives/xorg-announce/2016-October/002720.html
- https://security.gentoo.org/glsa/201704-03
Modified: 2025-04-12
CVE-2016-7948
X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.
- http://www.openwall.com/lists/oss-security/2016/10/04/2
- http://www.openwall.com/lists/oss-security/2016/10/04/4
- http://www.securityfocus.com/bid/93373
- http://www.securitytracker.com/id/1036945
- https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74FFOHWYIKQZTJLRJWDMJ4W3WYBELUUG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7662OZWCSTLRPKS6R3E4Y4M26BSVAAM/
- https://lists.x.org/archives/xorg-announce/2016-October/002720.html
- https://security.gentoo.org/glsa/201704-03
- http://www.openwall.com/lists/oss-security/2016/10/04/2
- http://www.openwall.com/lists/oss-security/2016/10/04/4
- http://www.securityfocus.com/bid/93373
- http://www.securitytracker.com/id/1036945
- https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74FFOHWYIKQZTJLRJWDMJ4W3WYBELUUG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7662OZWCSTLRPKS6R3E4Y4M26BSVAAM/
- https://lists.x.org/archives/xorg-announce/2016-October/002720.html
- https://security.gentoo.org/glsa/201704-03
Package caffeine-ng updated to version 3.4.2-alt2 for branch sisyphus in task 225247.
Closed bugs
зависает при выходе из программы
Closed bugs
Обновить nano
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-1010314
Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page.
Package gst-plugins-good1.0 updated to version 1.15.2-alt2 for branch sisyphus in task 225286.
Closed bugs
Отсутствует libgstqmlgl.so
Closed bugs
Сломалась сборка perl-Glib
Package slick-greeter updated to version 1.2.4-alt2 for branch sisyphus in task 225324.
Closed bugs
Сломалась сборка slick-greeter
Package perl-Time-Format_XS updated to version 1.03-alt5 for branch sisyphus in task 225339.
Closed bugs
Сломалась сборка perl-Time-Format
Сломалась сборка perl-Time-Format
Package kernel-image-std-def updated to version 4.19.30-alt1 for branch sisyphus in task 225292.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-16995
In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.3
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6caabe7f197d3466d238f70915d65301f1716626
- https://github.com/torvalds/linux/commit/6caabe7f197d3466d238f70915d65301f1716626
- https://security.netapp.com/advisory/ntap-20191031-0005/
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.3
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6caabe7f197d3466d238f70915d65301f1716626
- https://github.com/torvalds/linux/commit/6caabe7f197d3466d238f70915d65301f1716626
- https://security.netapp.com/advisory/ntap-20191031-0005/