2019-06-05
ALT-BU-2019-3708-3
Branch sisyphus update bulletin.
Package python-module-cryptography updated to version 2.7-alt1 for branch sisyphus in task 231440.
Closed bugs
Просьба обновить до 2.7
Closed vulnerabilities
Published: 2019-06-06
Modified: 2024-05-31
Modified: 2024-05-31
BDU:2019-01957
Уязвимость процессоров Intel, связанная с микроархитектурной выборкой данных некэшируемой памяти (MDSUM), позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.6)Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Severity: LOW (3.8)Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N
References:
Published: 2019-06-06
Modified: 2024-12-03
Modified: 2024-12-03
BDU:2019-01958
Уязвимость порта загрузки MLPDS микропрограммного обеспечения Intel, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (5.6)Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Severity: MEDIUM (4.4)Vector: AV:L/AC:M/Au:S/C:C/I:N/A:N
References:
Published: 2019-06-06
Modified: 2024-05-31
Modified: 2024-05-31
BDU:2019-01959
Уязвимость процессоров Intel, связанная с восстановлением содержимого буферов заполнения (MFBDS), позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.6)Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Severity: LOW (3.8)Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N
References:
Published: 2019-06-06
Modified: 2024-05-31
Modified: 2024-05-31
BDU:2019-01960
Уязвимость буфера данных MSBDS микропрограммного обеспечения Intel, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (5.1)Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM (4.0)Vector: AV:L/AC:H/Au:N/C:C/I:N/A:N
References:
Published: 2019-08-13
Modified: 2022-10-18
Modified: 2022-10-18
BDU:2019-02856
Уязвимость модулей virtlockd-admin.socket и virtlogd-admin.socket библиотеки управления виртуализацией Libvirt, позволяющая нарушителю повысить свои привилегии
Severity: MEDIUM (6.5)Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
References:
Published: 2021-07-06
Modified: 2022-10-18
Modified: 2022-10-18
BDU:2021-03397
Уязвимость библиотеки управления виртуализацией Libvirt, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
Severity: MEDIUM (5.4)Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Severity: MEDIUM (4.8)Vector: AV:A/AC:L/Au:N/C:P/I:N/A:P
References:
Published: 2019-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-12126
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (4.7)Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N
Severity: MEDIUM (5.6)Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- https://access.redhat.com/errata/RHSA-2019:1455
- https://access.redhat.com/errata/RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
- https://seclists.org/bugtraq/2019/Jun/28
- https://seclists.org/bugtraq/2019/Jun/36
- https://seclists.org/bugtraq/2019/Nov/15
- https://seclists.org/bugtraq/2019/Nov/16
- https://seclists.org/bugtraq/2020/Jan/21
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
- https://security.gentoo.org/glsa/202003-56
- https://usn.ubuntu.com/3977-3/
- https://www.debian.org/security/2020/dsa-4602
- https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- https://access.redhat.com/errata/RHSA-2019:1455
- https://access.redhat.com/errata/RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
- https://seclists.org/bugtraq/2019/Jun/28
- https://seclists.org/bugtraq/2019/Jun/36
- https://seclists.org/bugtraq/2019/Nov/15
- https://seclists.org/bugtraq/2019/Nov/16
- https://seclists.org/bugtraq/2020/Jan/21
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
- https://security.gentoo.org/glsa/202003-56
- https://usn.ubuntu.com/3977-3/
- https://www.debian.org/security/2020/dsa-4602
- https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
Published: 2019-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-12127
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (4.7)Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N
Severity: MEDIUM (5.6)Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- https://access.redhat.com/errata/RHSA-2019:1455
- https://access.redhat.com/errata/RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
- https://seclists.org/bugtraq/2019/Jun/28
- https://seclists.org/bugtraq/2019/Jun/36
- https://seclists.org/bugtraq/2019/Nov/15
- https://seclists.org/bugtraq/2019/Nov/16
- https://seclists.org/bugtraq/2020/Jan/21
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
- https://security.gentoo.org/glsa/202003-56
- https://usn.ubuntu.com/3977-3/
- https://www.debian.org/security/2020/dsa-4602
- https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- https://access.redhat.com/errata/RHSA-2019:1455
- https://access.redhat.com/errata/RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
- https://seclists.org/bugtraq/2019/Jun/28
- https://seclists.org/bugtraq/2019/Jun/36
- https://seclists.org/bugtraq/2019/Nov/15
- https://seclists.org/bugtraq/2019/Nov/16
- https://seclists.org/bugtraq/2020/Jan/21
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
- https://security.gentoo.org/glsa/202003-56
- https://usn.ubuntu.com/3977-3/
- https://www.debian.org/security/2020/dsa-4602
- https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
Published: 2019-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-12130
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (4.7)Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N
Severity: MEDIUM (5.6)Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- https://access.redhat.com/errata/RHSA-2019:1455
- https://access.redhat.com/errata/RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
- https://seclists.org/bugtraq/2019/Jun/28
- https://seclists.org/bugtraq/2019/Jun/36
- https://seclists.org/bugtraq/2019/Nov/15
- https://seclists.org/bugtraq/2019/Nov/16
- https://seclists.org/bugtraq/2020/Jan/21
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
- https://security.gentoo.org/glsa/202003-56
- https://usn.ubuntu.com/3977-3/
- https://www.debian.org/security/2020/dsa-4602
- https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- https://access.redhat.com/errata/RHSA-2019:1455
- https://access.redhat.com/errata/RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
- https://seclists.org/bugtraq/2019/Jun/28
- https://seclists.org/bugtraq/2019/Jun/36
- https://seclists.org/bugtraq/2019/Nov/15
- https://seclists.org/bugtraq/2019/Nov/16
- https://seclists.org/bugtraq/2020/Jan/21
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
- https://security.gentoo.org/glsa/202003-56
- https://usn.ubuntu.com/3977-3/
- https://www.debian.org/security/2020/dsa-4602
- https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
Published: 2019-05-22
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-10132
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
Severity: MEDIUM (6.5)Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Severity: HIGH (8.8)Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- https://access.redhat.com/errata/RHSA-2019:1264
- https://access.redhat.com/errata/RHSA-2019:1268
- https://access.redhat.com/errata/RHSA-2019:1455
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/
- https://security.libvirt.org/2019/0003.html
- https://usn.ubuntu.com/4021-1/
- https://access.redhat.com/errata/RHSA-2019:1264
- https://access.redhat.com/errata/RHSA-2019:1268
- https://access.redhat.com/errata/RHSA-2019:1455
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/
- https://security.libvirt.org/2019/0003.html
- https://usn.ubuntu.com/4021-1/
Published: 2019-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-11091
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (4.7)Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N
Severity: MEDIUM (5.6)Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- https://access.redhat.com/errata/RHSA-2019:1455
- https://access.redhat.com/errata/RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
- https://seclists.org/bugtraq/2019/Jun/28
- https://seclists.org/bugtraq/2019/Jun/36
- https://seclists.org/bugtraq/2019/Nov/15
- https://seclists.org/bugtraq/2020/Jan/21
- https://security.gentoo.org/glsa/202003-56
- https://usn.ubuntu.com/3977-3/
- https://www.debian.org/security/2020/dsa-4602
- https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- https://access.redhat.com/errata/RHSA-2019:1455
- https://access.redhat.com/errata/RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
- https://seclists.org/bugtraq/2019/Jun/28
- https://seclists.org/bugtraq/2019/Jun/36
- https://seclists.org/bugtraq/2019/Nov/15
- https://seclists.org/bugtraq/2020/Jan/21
- https://security.gentoo.org/glsa/202003-56
- https://usn.ubuntu.com/3977-3/
- https://www.debian.org/security/2020/dsa-4602
- https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
Published: 2019-04-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-3886
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
Severity: MEDIUM (4.8)Vector: AV:A/AC:L/Au:N/C:P/I:N/A:P
Severity: MEDIUM (5.4)Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
References:
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html
- http://www.securityfocus.com/bid/107777
- https://access.redhat.com/errata/RHBA-2019:3723
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/
- https://usn.ubuntu.com/4021-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html
- http://www.securityfocus.com/bid/107777
- https://access.redhat.com/errata/RHBA-2019:3723
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/
- https://usn.ubuntu.com/4021-1/
Closed bugs
сервер не стартует после установки
Package python-module-asyncssh updated to version 1.17.0-alt1 for branch sisyphus in task 231388.
Closed vulnerabilities
Published: 2018-03-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-7749
The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.
Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba4
- https://groups.google.com/forum/#%21msg/asyncssh-announce/57_5O7kiHSA/8BXZ_hxHAQAJ
- https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba4
- https://groups.google.com/forum/#%21msg/asyncssh-announce/57_5O7kiHSA/8BXZ_hxHAQAJ
Published: 2022-05-14
Modified: 2024-09-04
Modified: 2024-09-04
GHSA-97cv-6pjf-5f9q
AsyncSSH SSH Server Authentication Bypass
Severity: CRITICAL (9.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (9.3)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-7749
- https://github.com/ronf/asyncssh/commit/16e6ebfa893167c7d9d3f6dc7a2c0d197e47f43a
- https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba4
- https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2018-108.yaml
- https://github.com/ronf/asyncssh
- https://groups.google.com/forum/#!msg/asyncssh-announce/57_5O7kiHSA/8BXZ_hxHAQAJ
Closed vulnerabilities
Published: 2017-02-15
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7392
Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/10/3
- http://www.openwall.com/lists/oss-security/2016/09/12/7
- http://www.securityfocus.com/bid/92907
- https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/
- https://bugzilla.redhat.com/show_bug.cgi?id=1375255
- https://security.gentoo.org/glsa/201708-09
- http://www.openwall.com/lists/oss-security/2016/09/10/3
- http://www.openwall.com/lists/oss-security/2016/09/12/7
- http://www.securityfocus.com/bid/92907
- https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/
- https://bugzilla.redhat.com/show_bug.cgi?id=1375255
- https://security.gentoo.org/glsa/201708-09