ALT Linux Team

Branch p9 update on 2020-10-31

2020-10-31

ALT-BU-2020-4117-3

Branch p9 update bulletin.

ALT-PU-2020-3169-2

Package gifsicle updated to version 1.92-alt1 for branch p9 in task 260570.

Closed vulnerabilities

Published: 2017-08-09

BDU:2018-00509

Уязвимость функции read_gif программного обеспечения для просмотра GIF-файлов gifview пакета программ для создания, редактирования и оптимизации GIF-файлов Gifsicle, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2018-01-02
Modified: 2024-11-21

CVE-2017-1000421

Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2018-02-02
Modified: 2024-11-21

CVE-2017-18120

A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-06-23
Modified: 2024-11-21

CVE-2023-36193

Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-10-18
Modified: 2024-11-21

CVE-2023-46009

gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:

ALT-PU-2020-3170-2

Package libhtp updated to version 0.5.35-alt1 for branch p9 in task 260502.

Closed vulnerabilities

Published: 2017-08-28
Modified: 2024-11-21

CVE-2015-0928

libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-04-04
Modified: 2024-11-21

CVE-2018-10243

htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-10-10
Modified: 2024-11-21

CVE-2019-17420

In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References:

ALT-PU-2020-3171-1

Package inspircd updated to version 2.0.29-alt1 for branch p9 in task 260441.

Closed vulnerabilities

Published: 2019-08-19

BDU:2022-06171

Уязвимость демона InspIRCd, связанная с ошибками разыменования указателей, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-04-22

BDU:2022-06172

Уязвимость демона InspIRCd, связанная с использованием памяти после ее освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-09-11
Modified: 2024-11-21

CVE-2019-20917

An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-09-11
Modified: 2024-11-21

CVE-2020-25269

An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2020-3174-1

Package snmptt updated to version 1.4.2-alt1 for branch p9 in task 260493.

Closed vulnerabilities

Published: 2020-08-16

BDU:2021-03734

Уязвимость обработчика SNMP-trap SNMPTT, связанная с неправильной проверкой удаленных пользователей, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-08-16
Modified: 2024-11-21

CVE-2020-24361

SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2020-3175-1

Package bchunk updated to version 1.2.2-alt1 for branch p9 in task 260565.

Closed vulnerabilities

Published: 2017-09-09

BDU:2017-02604

Уязвимость программного обеспечение для преобразования образов bchunk операционной системы Debian GNU/Linux, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать аварийное завершение работы приложения

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2017-09-09

BDU:2017-02605

Уязвимость программного обеспечение для преобразования образов bchunk операционной системы Debian GNU/Linux, вызванная переполнением буфера в динамической памяти, позволяющая нарушителю вызвать аварийное завершение работы приложения

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2017-09-09

BDU:2017-02606

Уязвимость программного обеспечение для преобразования образов bchunk операционной системы Debian GNU/Linux, вызванная переполнением буфера в динамической памяти, позволяющая нарушителю вызвать аварийное завершение работы приложения

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2017-10-29
Modified: 2024-11-21

CVE-2017-15953

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2017-10-29
Modified: 2024-11-21

CVE-2017-15954

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2017-10-29
Modified: 2024-11-21

CVE-2017-15955

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:

ALT-PU-2020-3178-1

Package fuseiso updated to version 20070708-alt3 for branch p9 in task 260618.

Closed vulnerabilities

Published: 2016-03-30

BDU:2016-00921

Уязвимость программного средства для монтирования образа диска FuseISO, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (5.0)
References:
Published: 2016-03-30

BDU:2016-00922

Уязвимость программного средства для монтирования образа диска FuseISO, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: MEDIUM (5.0)
References:
Published: 2016-03-30
Modified: 2024-11-21

CVE-2015-8836

Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow.

Severity: HIGH (7.3) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-30
Modified: 2024-11-21

CVE-2015-8837

Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file.

Severity: HIGH (7.3) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top