ALT-BU-2020-3995-1
Branch p9 update bulletin.
Closed vulnerabilities
BDU:2020-03219
A vulnerability in the ntpd daemon of the NTP time synchronization protocol implementation that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2020-15025
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
- openSUSE-SU-2020:0934
- openSUSE-SU-2020:1007
- https://bugs.gentoo.org/729458
- GLSA-202007-12
- https://security.netapp.com/advisory/ntap-20200702-0002/
- https://support.ntp.org/bin/view/Main/NtpBug3661
- https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
- https://www.oracle.com/security-alerts/cpujan2021.html
Closed vulnerabilities
BDU:2021-00571
A vulnerability in the Kafka Protocol Dissector component (epan/dissectors/packet-kafka.c) of the Wireshark traffic analyzer that allows an attacker to cause a denial of service
BDU:2021-01457
A vulnerability in the GVCP dissector of the Wireshark network traffic analyzer that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2020-15466
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
- openSUSE-SU-2020:1188
- openSUSE-SU-2020:1199
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=11f40896b696e4e8c7f8b2ad96028404a83a51a4
- [debian-lts-announce] 20210206 [SECURITY] [DLA 2547-1] wireshark security update
- GLSA-202007-13
- https://www.wireshark.org/security/wnpa-sec-2020-09.html
Modified: 2024-11-21
CVE-2020-17498
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
- openSUSE-SU-2020:1878
- openSUSE-SU-2020:1882
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=76afda963de4f0b9be24f2d8e873990a5cbf221b
- FEDORA-2020-7f91f10f2b
- FEDORA-2020-2981a0224d
- GLSA-202008-14
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.wireshark.org/security/wnpa-sec-2020-10.html