ALT-BU-2020-4113-1
Branch p9 update bulletin.
Package thunderbird updated to version 78.4.0-alt1 for branch p9 in task 260277.
Closed vulnerabilities
BDU:2021-01486
A vulnerability in the WebRTC implementation of Google Chrome, Firefox, Firefox-ESR and Thunderbird that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
BDU:2022-05797
A vulnerability in the Mozilla Firefox and Mozilla Firefox ESR browsers and the Thunderbird mail client, related to copying a buffer without checking the size of the input data, that allows an attacker to execute arbitrary code
Modified: 2024-11-21
CVE-2020-15683
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
- openSUSE-SU-2020:1732
- openSUSE-SU-2020:1748
- openSUSE-SU-2020:1780
- openSUSE-SU-2020:1785
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1576843%2C1656987%2C1660954%2C1662760%2C1663439%2C1666140
- [debian-lts-announce] 20201027 [SECURITY] [DLA 2416-1] thunderbird security update
- GLSA-202010-08
- DSA-4780
- https://www.mozilla.org/security/advisories/mfsa2020-45/
- https://www.mozilla.org/security/advisories/mfsa2020-46/
- https://www.mozilla.org/security/advisories/mfsa2020-47/
Modified: 2024-11-21
CVE-2020-15969
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- openSUSE-SU-2020:1829
- 20201215 APPLE-SA-2020-12-14-1 iOS 14.3 and iPadOS 14.3
- 20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave
- 20201215 APPLE-SA-2020-12-14-5 watchOS 7.2
- 20201215 APPLE-SA-2020-12-14-7 tvOS 14.3
- 20201215 APPLE-SA-2020-12-14-8 Safari 14.0.2
- https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
- https://crbug.com/1124659
- FEDORA-2020-8aca25b5c8
- FEDORA-2020-127d40f1ab
- FEDORA-2020-4e8e48da22
- GLSA-202101-30
- https://support.apple.com/kb/HT212003
- https://support.apple.com/kb/HT212005
- https://support.apple.com/kb/HT212007
- https://support.apple.com/kb/HT212009
- https://support.apple.com/kb/HT212011
- DSA-4824
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-12243
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
- openSUSE-SU-2020:0647
- https://bugs.openldap.org/show_bug.cgi?id=9202
- https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES
- https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440
- [debian-lts-announce] 20200502 [SECURITY] [DLA 2199-1] openldap security update
- https://security.netapp.com/advisory/ntap-20200511-0003/
- https://support.apple.com/kb/HT211289
- USN-4352-1
- USN-4352-2
- DSA-4666
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
Package alterator-datetime updated to version 4.6.2-alt1 for branch p9 in task 260417.
Closed bugs
Incorrect value of the clocksource parameter in /etc/sysconfig/grub2
Closed vulnerabilities
BDU:2019-01952
A vulnerability in the strncpy call of Atftpd, related to an operation exceeding the bounds of a memory buffer, that allows an attacker to affect the integrity and confidentiality of data or cause a denial of service
BDU:2019-01954
A vulnerability in the thread_list_mutex function of the advanced TFTP server Atftpd, related to a NULL pointer dereference, that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2019-11365
An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.
- [debian-lts-announce] 20190512 [SECURITY] [DLA 1783-1] atftp security update
- https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
- 20190508 [SECURITY] [DSA 4438-1] atftp security update
- GLSA-202003-14
- https://sourceforge.net/p/atftp/code/ci/abed7d245d8e8bdfeab24f9f7f55a52c3140f96b/
- USN-4540-1
- DSA-4438
Modified: 2024-11-21
CVE-2019-11366
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.
- [debian-lts-announce] 20190512 [SECURITY] [DLA 1783-1] atftp security update
- https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
- 20190508 [SECURITY] [DSA 4438-1] atftp security update
- GLSA-202003-14
- https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/
- USN-4540-1
- DSA-4438