ALT-BU-2019-3866-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2021-03590
Уязвимость мультимедийной библиотеки Ffmpeg, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2021-03605
Уязвимость мультимедийной библиотеки Ffmpeg, связанная с ошибками разыменования указателя, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2022-05971
Уязвимость компонента src/libavutil/mathematics.c мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2019-17539
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15733
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15733
- https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c
- https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c
- [debian-lts-announce] 20210131 [SECURITY] [DLA 2537-1] ffmpeg security update
- [debian-lts-announce] 20210131 [SECURITY] [DLA 2537-1] ffmpeg security update
- GLSA-202003-65
- GLSA-202003-65
- USN-4431-1
- USN-4431-1
- DSA-4722
- DSA-4722
Modified: 2024-11-21
CVE-2019-17542
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15919
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15919
- https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2
- https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2
- [debian-lts-announce] 20191205 [SECURITY] [DLA 2021-1] libav security update
- [debian-lts-announce] 20191205 [SECURITY] [DLA 2021-1] libav security update
- [debian-lts-announce] 20200727 [SECURITY] [DLA 2291-1] ffmpeg security update
- [debian-lts-announce] 20200727 [SECURITY] [DLA 2291-1] ffmpeg security update
- GLSA-202003-65
- GLSA-202003-65
- USN-4431-1
- USN-4431-1
- DSA-4722
- DSA-4722
Modified: 2024-11-21
CVE-2021-38291
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.
Closed vulnerabilities
BDU:2019-03233
Уязвимость подкомпонента Server : Pluggable Auth компонента MySQL Server системы управления базами данных Oracle MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-03235
Уязвимость подкомпонента Server: Security: Privileges компонента MySQL Server системы управления базами данных Oracle MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-03236
Уязвимость подкомпонента Server: XML компонента MySQL Server системы управления базами данных Oracle MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-01523
Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю модифицировать данные или вызвать отказ в обслуживании
BDU:2020-01528
Уязвимость компонента Server: Parser системы управления базами данных MySQL ,позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-02584
Уязвимость компонента C API системы управления базами данных MySQL Client, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-00422
Уязвимость компонента C API системы управления базами данных MySQL Client, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-11-21
CVE-2019-2737
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- openSUSE-SU-2019:2698
- openSUSE-SU-2019:2698
- http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
- http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- RHSA-2019:2484
- RHSA-2019:2484
- RHSA-2019:2511
- RHSA-2019:2511
- RHSA-2019:3708
- RHSA-2019:3708
- FEDORA-2019-96516ce0ac
- FEDORA-2019-96516ce0ac
- FEDORA-2019-c106e46a95
- FEDORA-2019-c106e46a95
- 20190802 [slackware-security] mariadb (SSA:2019-213-01)
- 20190802 [slackware-security] mariadb (SSA:2019-213-01)
- https://support.f5.com/csp/article/K51272092
- https://support.f5.com/csp/article/K51272092
- https://support.f5.com/csp/article/K51272092?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K51272092?utm_source=f5support&%3Butm_medium=RSS
- USN-4070-1
- USN-4070-1
- USN-4070-2
- USN-4070-2
- USN-4070-3
- USN-4070-3
Modified: 2024-11-21
CVE-2019-2739
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
- openSUSE-SU-2019:2698
- openSUSE-SU-2019:2698
- http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
- http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- RHSA-2019:2484
- RHSA-2019:2484
- RHSA-2019:2511
- RHSA-2019:2511
- RHSA-2019:3708
- RHSA-2019:3708
- FEDORA-2019-96516ce0ac
- FEDORA-2019-96516ce0ac
- FEDORA-2019-c106e46a95
- FEDORA-2019-c106e46a95
- 20190802 [slackware-security] mariadb (SSA:2019-213-01)
- 20190802 [slackware-security] mariadb (SSA:2019-213-01)
- https://support.f5.com/csp/article/K51272092
- https://support.f5.com/csp/article/K51272092
- https://support.f5.com/csp/article/K51272092?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K51272092?utm_source=f5support&%3Butm_medium=RSS
- USN-4070-1
- USN-4070-1
- USN-4070-2
- USN-4070-2
- USN-4070-3
- USN-4070-3
Modified: 2024-11-21
CVE-2019-2740
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
- openSUSE-SU-2019:2698
- openSUSE-SU-2019:2698
- http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
- http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- RHSA-2019:2484
- RHSA-2019:2484
- RHSA-2019:2511
- RHSA-2019:2511
- RHSA-2019:3708
- RHSA-2019:3708
- FEDORA-2019-96516ce0ac
- FEDORA-2019-96516ce0ac
- FEDORA-2019-c106e46a95
- FEDORA-2019-c106e46a95
- 20190802 [slackware-security] mariadb (SSA:2019-213-01)
- 20190802 [slackware-security] mariadb (SSA:2019-213-01)
- https://support.f5.com/csp/article/K03444640
- https://support.f5.com/csp/article/K03444640
- https://support.f5.com/csp/article/K03444640?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K03444640?utm_source=f5support&%3Butm_medium=RSS
- USN-4070-1
- USN-4070-1
- USN-4070-2
- USN-4070-2
- USN-4070-3
- USN-4070-3
Modified: 2024-11-21
CVE-2019-2758
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
- openSUSE-SU-2019:2698
- openSUSE-SU-2019:2698
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- RHSA-2019:2484
- RHSA-2019:2484
- RHSA-2019:2511
- RHSA-2019:2511
- RHSA-2019:3708
- RHSA-2019:3708
- FEDORA-2019-96516ce0ac
- FEDORA-2019-96516ce0ac
- FEDORA-2019-c106e46a95
- FEDORA-2019-c106e46a95
- https://support.f5.com/csp/article/K14118520
- https://support.f5.com/csp/article/K14118520
- https://support.f5.com/csp/article/K14118520?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K14118520?utm_source=f5support&%3Butm_medium=RSS
- USN-4070-1
- USN-4070-1
- USN-4070-3
- USN-4070-3
Modified: 2024-11-21
CVE-2019-2805
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
- openSUSE-SU-2019:2698
- openSUSE-SU-2019:2698
- http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
- http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- RHSA-2019:2484
- RHSA-2019:2484
- RHSA-2019:2511
- RHSA-2019:2511
- RHSA-2019:3708
- RHSA-2019:3708
- 20190802 [slackware-security] mariadb (SSA:2019-213-01)
- 20190802 [slackware-security] mariadb (SSA:2019-213-01)
- https://support.f5.com/csp/article/K04831884
- https://support.f5.com/csp/article/K04831884
- https://support.f5.com/csp/article/K04831884?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K04831884?utm_source=f5support&%3Butm_medium=RSS
- USN-4070-1
- USN-4070-1
- USN-4070-2
- USN-4070-2
- USN-4070-3
- USN-4070-3
Modified: 2024-11-21
CVE-2020-2922
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Modified: 2024-11-21
CVE-2021-2007
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
- FEDORA-2021-b1d1655cef
- FEDORA-2021-b1d1655cef
- FEDORA-2021-db50ab62d3
- FEDORA-2021-db50ab62d3
- GLSA-202105-27
- GLSA-202105-27
- https://security.netapp.com/advisory/ntap-20210622-0001/
- https://security.netapp.com/advisory/ntap-20210622-0001/
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html
Closed bugs
Неверные имена эмуляторов в конфигурационных файлах