ALT-BU-2020-3782-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-11863
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2).
- openSUSE-SU-2020:0831
- FEDORA-2020-c696d8604b
- https://sourceforge.net/p/libemf/code/commit_browser
- https://sourceforge.net/p/libemf/mailman/libemf-devel/
- https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/
- openSUSE-SU-2020:0831
- https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/
- https://sourceforge.net/p/libemf/mailman/libemf-devel/
- https://sourceforge.net/p/libemf/code/commit_browser
- FEDORA-2020-c696d8604b
Modified: 2024-11-21
CVE-2020-11864
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2).
- openSUSE-SU-2020:0831
- FEDORA-2020-c696d8604b
- https://sourceforge.net/p/libemf/code/commit_browser
- https://sourceforge.net/p/libemf/mailman/libemf-devel/
- https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/
- openSUSE-SU-2020:0831
- https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/
- https://sourceforge.net/p/libemf/mailman/libemf-devel/
- https://sourceforge.net/p/libemf/code/commit_browser
- FEDORA-2020-c696d8604b
Modified: 2024-11-21
CVE-2020-11865
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access.
- openSUSE-SU-2020:0831
- FEDORA-2020-c696d8604b
- https://sourceforge.net/p/libemf/code/commit_browser
- https://sourceforge.net/p/libemf/mailman/libemf-devel/
- https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/
- openSUSE-SU-2020:0831
- https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/
- https://sourceforge.net/p/libemf/mailman/libemf-devel/
- https://sourceforge.net/p/libemf/code/commit_browser
- FEDORA-2020-c696d8604b
Modified: 2024-11-21
CVE-2020-11866
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free.
- openSUSE-SU-2020:0831
- FEDORA-2020-c696d8604b
- https://sourceforge.net/p/libemf/code/commit_browser
- https://sourceforge.net/p/libemf/mailman/libemf-devel/
- https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/
- openSUSE-SU-2020:0831
- https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/
- https://sourceforge.net/p/libemf/mailman/libemf-devel/
- https://sourceforge.net/p/libemf/code/commit_browser
- FEDORA-2020-c696d8604b
Closed vulnerabilities
BDU:2019-01544
Уязвимость серверного компонента Murmur программного средства для реализации IP-телефонии Mumble, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2018-20743
murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.
- openSUSE-SU-2019:1794
- openSUSE-SU-2019:1794
- openSUSE-SU-2019:1876
- openSUSE-SU-2019:1876
- openSUSE-SU-2020:0137
- openSUSE-SU-2020:0137
- https://bugs.debian.org/919249
- https://bugs.debian.org/919249
- https://github.com/mumble-voip/mumble/issues/3505
- https://github.com/mumble-voip/mumble/issues/3505
- https://github.com/mumble-voip/mumble/pull/3510
- https://github.com/mumble-voip/mumble/pull/3510
- https://github.com/mumble-voip/mumble/pull/3512
- https://github.com/mumble-voip/mumble/pull/3512
- [debian-lts-announce] 20190206 [SECURITY] [DLA 1661-1] mumble security update
- [debian-lts-announce] 20190206 [SECURITY] [DLA 1661-1] mumble security update
- DSA-4402
- DSA-4402
Closed vulnerabilities
BDU:2019-02944
Уязвимость реализации функции контроля доступа на основе ролей Role Based Access Control (RBAC) хранилища параметров конфигурации Etcd, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-11-21
CVE-2018-1098
A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.
Modified: 2024-11-21
CVE-2018-1099
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
Modified: 2024-11-21
CVE-2018-16886
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.
- 106540
- 106540
- RHSA-2019:0237
- RHSA-2019:0237
- RHSA-2019:1352
- RHSA-2019:1352
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886
- https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication
- https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication
- https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication
- https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication
- FEDORA-2019-219b0b0b6a
- FEDORA-2019-219b0b0b6a
- FEDORA-2019-833466697f
- FEDORA-2019-833466697f