ALT Linux Team

Branch sisyphus update on 2020-06-16

2020-06-16

ALT-BU-2020-3872-1

Branch sisyphus update bulletin.

ALT-PU-2020-2179-1

Package boost updated to version 1.73.0-alt2 for branch sisyphus in task 253365.

Closed bugs

Bug #38611

Конфликт 0.73 с 0.72

ALT-PU-2020-2180-1

Package janus updated to version 0.10.1-alt1 for branch sisyphus in task 253478.

Closed vulnerabilities

Published: 2020-06-11
Modified: 2024-11-21

CVE-2020-13898

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-06-11
Modified: 2024-11-21

CVE-2020-13899

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2020-06-11
Modified: 2024-11-21

CVE-2020-13900

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-06-11
Modified: 2024-11-21

CVE-2020-13901

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer overflow.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-06-15
Modified: 2024-11-21

CVE-2020-14033

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_streaming_rtsp_parse_sdp in plugins/janus_streaming.c has a Buffer Overflow via a crafted RTSP server.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-06-15
Modified: 2024-11-21

CVE-2020-14034

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via long value in an SDP Offer packet.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2020-2181-1

Package kernel-image-rt updated to version 4.19.127-alt1.rt54 for branch sisyphus in task 253484.

Closed vulnerabilities

Published: 2020-05-28

BDU:2021-03057

Уязвимость функции fill_thread_core_info() ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию и вызвать отказ в обслуживании

Severity: MEDIUM (4.4) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
References:
Published: 2020-06-12
Modified: 2024-11-21

CVE-2020-10732

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.

Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
References:

ALT-PU-2020-2182-1

Package osec updated to version 1.3.0-alt1 for branch sisyphus in task 253481.

Closed bugs

Bug #33018

Ошибка osec: getgrgid_r: No such file or directory

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top