Branch p8 update bulletin.

Package clamav updated to version 0.102.3-alt1 for branch p8 in task 245886.

Published: 2020-05-13
Modified: 2024-11-21

CVE-2020-3327

A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2020-05-13
Modified: 2024-11-21

CVE-2020-3341

A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package c-icap updated to version 0.5.6-alt2 for branch p8 in task 245886.

Изменить URL на https://github.com/c-icap

Package postgresql11 updated to version 11.8-alt0.M80P.1 for branch p8 in task 252074.

Published: 2020-05-14

BDU:2023-00612

Уязвимость установщика Windows installer системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

Severity: MEDIUM (6.7) Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2020-10733

Published: 2020-09-16
Modified: 2024-11-21

CVE-2020-10733

The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights.

Severity: HIGH (7.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

References:

Package postgresql12 updated to version 12.3-alt0.M80P.1 for branch p8 in task 252074.

Published: 2020-05-14

BDU:2023-00612

Severity: MEDIUM (6.7) Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2020-10733

Published: 2020-09-16
Modified: 2024-11-21

CVE-2020-10733

Severity: HIGH (7.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

References:

Package freeswitch updated to version 1.10.2-alt1 for branch p8 in task 252357.

Published: 2019-12-02

BDU:2021-05742

Уязвимость реализации файла конфигурации event_socket.conf.xml программно-определяемого телекоммуникационного стека FreeSWITCH и приложения для унифицированного управления видео Victor, позволяющая нарушителю получить полный контроль над системой

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2019-19492

Published: 2019-12-02
Modified: 2024-11-21

CVE-2019-19492

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.0

Branch p8 update on 2020-05-30

ALT-BU-2020-3844-1

ALT-PU-2020-2037-1

Closed vulnerabilities

CVE-2020-3327

CVE-2020-3341

ALT-PU-2020-2038-1

Closed bugs

Bug #35926

ALT-PU-2020-2043-1

Closed vulnerabilities

BDU:2023-00612

CVE-2020-10733

ALT-PU-2020-2044-1

Closed vulnerabilities

BDU:2023-00612

CVE-2020-10733

ALT-PU-2020-2046-1

Closed vulnerabilities

BDU:2021-05742

CVE-2019-19492