Branch sisyphus update bulletin.

Package libwebkitgtk4 updated to version 2.24.2-alt1 for branch sisyphus in task 229994.

Published: 2019-05-20

BDU:2019-02101

Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2019-8595

Published: 2019-05-20

BDU:2019-02102

Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю раскрыть содержимое памяти процессов

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2019-8607

Published: 2019-05-20

BDU:2019-02103

Severity: MEDIUM (5.9) Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

CVE-2019-8615

Published: 2019-12-18
Modified: 2024-11-21

CVE-2019-8595

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2019-12-18
Modified: 2024-11-21

CVE-2019-8607

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2019-12-18
Modified: 2024-11-21

CVE-2019-8615

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Package teeworlds updated to version 0.7.3.1-alt1 for branch sisyphus in task 230023.

Published: 2019-04-05
Modified: 2024-11-21

CVE-2019-10877

In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2019-04-05
Modified: 2024-11-21

CVE-2019-10878

In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2019-04-05
Modified: 2024-11-21

CVE-2019-10879

In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package custodia updated to version 0.6.0-alt3 for branch sisyphus in task 230047.

conflict with old python-module-custodia due to files

Version: 2.1.0

Branch sisyphus update on 2019-05-25

ALT-BU-2019-3681-1

ALT-PU-2019-1907-1

Closed vulnerabilities

BDU:2019-02101

BDU:2019-02102

BDU:2019-02103

CVE-2019-8595

CVE-2019-8607

CVE-2019-8615

ALT-PU-2019-1909-1

Closed vulnerabilities

CVE-2019-10877

CVE-2019-10878

CVE-2019-10879

ALT-PU-2019-1912-1

Closed bugs

Bug #36781