Branch sisyphus update bulletin.

Package openconnect updated to version 8.10-alt1 for branch sisyphus in task 251779.

Published: 2020-05-12

BDU:2020-04472

Уязвимость функции get_cert_name (gnutls.c) приложения для подключения к виртуальным частным сетям OpenConnect, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2020-12823

Published: 2020-05-12
Modified: 2024-11-21

CVE-2020-12823

OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package edk2-tools updated to version 20200229-alt1 for branch sisyphus in task 251783.

Published: 2020-09-08

BDU:2020-04779

Уязвимость микропрограммного обеспечения BIOS процессоров Intel, связанная с ошибками управления привилегиями, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.0) Vector: AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

References:

CVE-2019-14558

Published: 2020-10-05
Modified: 2024-11-21

CVE-2019-14558

Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.

Severity: MEDIUM (5.7) Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2020-11-23
Modified: 2024-11-21

CVE-2019-14559

Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2020-11-23
Modified: 2024-11-21

CVE-2019-14563

Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2020-11-23
Modified: 2024-11-21

CVE-2019-14575

Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2020-11-23
Modified: 2024-11-21

CVE-2019-14586

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

Severity: HIGH (8.0) Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2020-11-23
Modified: 2024-11-21

CVE-2019-14587

Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package edk2 updated to version 20200229-alt1 for branch sisyphus in task 251783.

Published: 2020-09-08

BDU:2020-04779

Severity: LOW (3.0) Vector: AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

References:

CVE-2019-14558

Published: 2020-10-05
Modified: 2024-11-21

CVE-2019-14558

Severity: MEDIUM (5.7) Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2020-11-23
Modified: 2024-11-21

CVE-2019-14559

Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2020-11-23
Modified: 2024-11-21

CVE-2019-14563

Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2020-11-23
Modified: 2024-11-21

CVE-2019-14575

Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2020-11-23
Modified: 2024-11-21

CVE-2019-14586

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

Severity: HIGH (8.0) Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2020-11-23
Modified: 2024-11-21

CVE-2019-14587

Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package tor updated to version 0.4.3.5-alt1 for branch sisyphus in task 251767.

Published: 2020-03-23

BDU:2020-01963

Уязвимость браузера Tor, связанная с неконтролируемым расходом ресурса, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2020-10592

Published: 2020-03-23
Modified: 2024-11-21

CVE-2020-10592

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2020-03-23
Modified: 2024-11-21

CVE-2020-10593

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package LibreOffice-still updated to version 6.3.6.2-alt2 for branch sisyphus in task 251766.

В программной группе LibreOffice Сalc отображается с той же иконкой, что и у калькулятора

Version: 2.1.0

Branch sisyphus update on 2020-05-17

ALT-BU-2020-3817-1

ALT-PU-2020-1970-1

Closed vulnerabilities

BDU:2020-04472

CVE-2020-12823

ALT-PU-2020-1971-1

Closed vulnerabilities

BDU:2020-04779

CVE-2019-14558

CVE-2019-14559

CVE-2019-14563

CVE-2019-14575

CVE-2019-14586

CVE-2019-14587

ALT-PU-2020-1972-1

Closed vulnerabilities

BDU:2020-04779

CVE-2019-14558

CVE-2019-14559

CVE-2019-14563

CVE-2019-14575

CVE-2019-14586

CVE-2019-14587

ALT-PU-2020-1973-1

Closed vulnerabilities

BDU:2020-01963

CVE-2020-10592

CVE-2020-10593

ALT-PU-2020-1974-1

Closed bugs

Bug #38480