ALT Linux Team

Branch sisyphus update on 2019-09-18

2019-09-18

ALT-BU-2019-3952-1

Branch sisyphus update bulletin.

ALT-PU-2019-2704-1

Package wireshark updated to version 3.0.4-alt1 for branch sisyphus in task 237648.

Closed vulnerabilities

Published: 2019-09-15

BDU:2022-00269

Уязвимость программы для анализа трафика wireshark, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-09-15
Modified: 2024-11-21

CVE-2019-16319

In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2019-2705-1

Package elinks updated to version 0.12-alt0.12.4 for branch sisyphus in task 237667.

Closed bugs

Bug #36113

network/socket.c: Don't take address of a pointer

ALT-PU-2019-2706-1

Package radare2 updated to version 3.9.0-alt1 for branch sisyphus in task 237688.

Closed vulnerabilities

Published: 2019-09-23
Modified: 2024-11-21

CVE-2019-16718

In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.1
Back to top