ALT-BU-2019-3582-1
Branch p8 update bulletin.
Package libseccomp updated to version 2.4.0-alt1 for branch p8 in task 225578.
Closed vulnerabilities
BDU:2020-01597
Vulnerability in the libseccomp library related to deficiencies in access control for certain functions, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Modified: 2024-11-21
CVE-2019-9893
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might be able to lead to bypassing seccomp filters and potential privilege escalations.
- openSUSE-SU-2019:2283
- openSUSE-SU-2019:2280
- RHSA-2019:3624
- https://github.com/seccomp/libseccomp/issues/139
- https://seclists.org/oss-sec/2019/q1/179
- GLSA-201904-18
- USN-4001-1
- USN-4001-2
Package guile-evms updated to version 0.4-alt16.M80P.2 for branch p8 in task 225438.
Closed bugs
Suggests noexec for /tmp
Package powershell updated to version 6.0.0-alt5.M80P.6 for branch p8 in task 225618.
Closed bugs
does not start due to framework version mismatch
powershell build is broken
Closed vulnerabilities
BDU:2020-00252
Vulnerability in the GnuTLS cryptographic library related to access to an uninitialized pointer, allowing an attacker to cause a denial of service
BDU:2021-05201
Vulnerability in the GnuTLS cryptographic library related to a double free of memory, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2019-3829
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
- openSUSE-SU-2019:1353
- RHSA-2019:3600
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829
- https://gitlab.com/gnutls/gnutls/issues/694
- FEDORA-2019-46df367eed
- FEDORA-2019-e8c1cf958f
- FEDORA-2019-971ded6f90
- GLSA-201904-14
- https://security.netapp.com/advisory/ntap-20190619-0004/
- USN-3999-1
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
Modified: 2024-11-21
CVE-2019-3836
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
- openSUSE-SU-2019:1353
- RHSA-2019:3600
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836
- https://gitlab.com/gnutls/gnutls/issues/704
- FEDORA-2019-46df367eed
- GLSA-201904-14
- https://security.netapp.com/advisory/ntap-20190502-0005/
- USN-3999-1
Package freeswitch updated to version 1.8.5-alt1 for branch p8 in task 225249.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-19911
FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of "works" for the freeswitch account can sometimes be used.
Closed bugs
switch_version.h is not packaged