ALT-BU-2019-3635-1
Branch sisyphus update bulletin.
Closed bugs
custodia build is broken
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-11577
dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses.
- 108090
- https://roy.marples.name/archives/dhcpcd-discuss/0002415.html
- https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6
Modified: 2024-11-21
CVE-2019-11578
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
- 108090
- https://roy.marples.name/archives/dhcpcd-discuss/0002415.html
- https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233
- https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e
- https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da
Modified: 2024-11-21
CVE-2019-11579
dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.
- 108090
- [debian-lts-announce] 20190519 [SECURITY] [DLA 1793-1] dhcpcd5 security update
- https://roy.marples.name/archives/dhcpcd-discuss/0002415.html
- https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8
Closed vulnerabilities
BDU:2018-01505
Vulnerability in the pgrep function of procps-ng, a set of console applications for monitoring and terminating system processes, allowing an attacker to cause a denial of service
BDU:2019-00182
Vulnerability in the file2strvec function of procps-ng, a set of console applications for monitoring and terminating system processes, allowing an attacker to execute arbitrary code
BDU:2019-00250
Vulnerability in the file2strvec function of the procps-ng command-line utility set, allowing an attacker to escalate privileges and execute arbitrary code
BDU:2020-03291
Vulnerability in the config_file() function of the procps-ng command-line utility set, allowing an attacker to escalate their privileges
BDU:2020-03292
Vulnerability in the procps-ng command-line utility set, related to an operation exceeding the bounds of a memory buffer, allowing an attacker to escalate their privileges
Modified: 2024-11-21
CVE-2018-1122
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
- openSUSE-SU-2019:2376
- openSUSE-SU-2019:2379
- [oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report
- 104214
- RHSA-2019:2189
- RHSA-2020:0595
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1122
- [debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update
- GLSA-201805-14
- USN-3658-1
- USN-3658-3
- DSA-4208
- 44806
- https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
Modified: 2024-11-21
CVE-2018-1123
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
- openSUSE-SU-2019:2376
- openSUSE-SU-2019:2379
- [oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report
- 104214
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update
- GLSA-201805-14
- USN-3658-1
- USN-3658-3
- DSA-4208
- 44806
- https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
Modified: 2024-11-21
CVE-2018-1124
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
- openSUSE-SU-2019:2376
- openSUSE-SU-2019:2379
- [oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report
- 104214
- 1041057
- RHSA-2018:1700
- RHSA-2018:1777
- RHSA-2018:1820
- RHSA-2018:2267
- RHSA-2018:2268
- RHSA-2019:1944
- RHSA-2019:2401
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://kc.mcafee.com/corporate/index?page=content&id=SB10241
- [debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update
- GLSA-201805-14
- USN-3658-1
- USN-3658-2
- DSA-4208
- 44806
- https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
Modified: 2024-11-21
CVE-2018-1125
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
- openSUSE-SU-2019:2376
- openSUSE-SU-2019:2379
- [oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report
- 104214
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125
- [debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update
- USN-3658-1
- USN-3658-3
- DSA-4208
- https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
Modified: 2024-11-21
CVE-2018-1126
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
- openSUSE-SU-2019:2376
- openSUSE-SU-2019:2379
- [oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report
- 104214
- 1041057
- RHSA-2018:1700
- RHSA-2018:1777
- RHSA-2018:1820
- RHSA-2018:2267
- RHSA-2018:2268
- RHSA-2019:1944
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1126
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- [debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update
- USN-3658-1
- USN-3658-2
- DSA-4208
- https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt