ALT-BU-2019-3901-1
Branch sisyphus update bulletin.
Package libvncserver updated to version 0.9.11-alt4 for branch sisyphus in task 236671.
Closed vulnerabilities
BDU:2018-01493
Уязвимость функции rfbProcessClientNormalMessage() кроссплатформенной библиотеки LibVNCServer, позволяющая нарушителю вызвать отказ в обслуживании и получить несанкционированный доступ к конфиденциальным данным
Modified: 2024-11-21
CVE-2018-7225
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
- http://www.openwall.com/lists/oss-security/2018/02/18/1
- http://www.openwall.com/lists/oss-security/2018/02/18/1
- 103107
- 103107
- RHSA-2018:1055
- RHSA-2018:1055
- https://github.com/LibVNC/libvncserver/issues/218
- https://github.com/LibVNC/libvncserver/issues/218
- [debian-lts-announce] 20180330 [SECURITY] [DLA 1332-1] libvncserver security update
- [debian-lts-announce] 20180330 [SECURITY] [DLA 1332-1] libvncserver security update
- [debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update
- [debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update
- [debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update
- [debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update
- [debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update
- [debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update
- GLSA-201908-05
- GLSA-201908-05
- USN-3618-1
- USN-3618-1
- USN-4547-1
- USN-4547-1
- USN-4573-1
- USN-4573-1
- USN-4587-1
- USN-4587-1
- DSA-4221
- DSA-4221
Closed vulnerabilities
BDU:2022-00273
Уязвимость набора программных инструментов и библиотек для работы со смарт-картами OpenSC, связанная с неправильным освобождением памяти перед удалением последний ссылки, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2019-6502
sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.
- [oss-security] 20191229 OpenSC 0.20.0 released
- https://github.com/OpenSC/OpenSC/issues/1586
- [debian-lts-announce] 20230621 [SECURITY] [DLA 3463-1] opensc security update
- [oss-security] 20191229 OpenSC 0.20.0 released
- [debian-lts-announce] 20230621 [SECURITY] [DLA 3463-1] opensc security update
- https://github.com/OpenSC/OpenSC/issues/1586
Closed vulnerabilities
BDU:2019-03330
Уязвимость функции png_image_free (png.c) библиотеки для работы с растровой графикой в формате PNG libpng, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-04779
Уязвимость функции png_create_info_struct библиотеки для работы с растровой графикой в формате PNG libpng, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2018-14048
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
- http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
- http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://github.com/fouzhe/security/tree/master/libpng
- https://github.com/fouzhe/security/tree/master/libpng
- https://github.com/glennrp/libpng/issues/238
- https://github.com/glennrp/libpng/issues/238
- 20190417 [slackware-security] libpng (SSA:2019-107-01)
- 20190417 [slackware-security] libpng (SSA:2019-107-01)
- GLSA-201908-02
- GLSA-201908-02
Modified: 2024-11-21
CVE-2018-14550
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
- https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token
- https://github.com/glennrp/libpng/issues/246
- GLSA-201908-02
- https://security.netapp.com/advisory/ntap-20221028-0001/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://security.netapp.com/advisory/ntap-20221028-0001/
- GLSA-201908-02
- https://github.com/glennrp/libpng/issues/246
Modified: 2024-11-21
CVE-2019-6129
png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.
Modified: 2024-11-21
CVE-2019-7317
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
- openSUSE-SU-2019:1484
- openSUSE-SU-2019:1534
- openSUSE-SU-2019:1664
- openSUSE-SU-2019:1916
- openSUSE-SU-2019:1912
- http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
- 108098
- RHSA-2019:1265
- RHSA-2019:1267
- RHSA-2019:1269
- RHSA-2019:1308
- RHSA-2019:1309
- RHSA-2019:1310
- RHSA-2019:2494
- RHSA-2019:2495
- RHSA-2019:2585
- RHSA-2019:2590
- RHSA-2019:2592
- RHSA-2019:2737
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
- https://github.com/glennrp/libpng/issues/275
- [debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update
- [debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update
- 20190417 [slackware-security] libpng (SSA:2019-107-01)
- 20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update
- 20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)
- 20190523 [SECURITY] [DSA 4448-1] firefox-esr security update
- 20190527 [SECURITY] [DSA 4451-1] thunderbird security update
- GLSA-201908-02
- https://security.netapp.com/advisory/ntap-20190719-0005/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us
- USN-3962-1
- USN-3991-1
- USN-3997-1
- USN-4080-1
- USN-4083-1
- DSA-4435
- DSA-4448
- DSA-4451
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- openSUSE-SU-2019:1484
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- DSA-4451
- DSA-4448
- DSA-4435
- USN-4083-1
- USN-4080-1
- USN-3997-1
- USN-3991-1
- USN-3962-1
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us
- https://security.netapp.com/advisory/ntap-20190719-0005/
- GLSA-201908-02
- 20190527 [SECURITY] [DSA 4451-1] thunderbird security update
- 20190523 [SECURITY] [DSA 4448-1] firefox-esr security update
- 20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)
- 20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update
- 20190417 [slackware-security] libpng (SSA:2019-107-01)
- [debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update
- [debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update
- https://github.com/glennrp/libpng/issues/275
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
- RHSA-2019:2737
- RHSA-2019:2592
- RHSA-2019:2590
- RHSA-2019:2585
- RHSA-2019:2495
- RHSA-2019:2494
- RHSA-2019:1310
- RHSA-2019:1309
- RHSA-2019:1308
- RHSA-2019:1269
- RHSA-2019:1267
- RHSA-2019:1265
- 108098
- http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
- openSUSE-SU-2019:1912
- openSUSE-SU-2019:1916
- openSUSE-SU-2019:1664
- openSUSE-SU-2019:1534
Closed vulnerabilities
BDU:2022-00731
Уязвимость компонента /proc/self/setgroups утилиты для управления учетными записями shadow, связанная с неправильным назначением разрешений для файлов, позволяющая нарушителю повысить свои привилегии
Modified: 2024-11-21
CVE-2018-7169
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.