Branch p9 update bulletin.

Package mimetex updated to version 1.76-alt1 for branch p9 in task 260903.

Published: 2015-04-28
Modified: 2024-07-05

BDU:2015-03488

Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2009-07-14
Modified: 2025-04-09

CVE-2009-1382

Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when downloaded before 20090713, allow remote attackers to execute arbitrary code via a TeX file with long (1) picture, (2) circle, or (3) input tags.

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2009-07-14
Modified: 2025-04-09

CVE-2009-2459

Multiple unspecified vulnerabilities in mimeTeX, when downloaded before 20090713, have unknown impact and attack vectors related to the (1) \environ, (2) \input, and (3) \counter TeX directives.

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Package aview updated to version 1.3.0-alt3.rc1 for branch p9 in task 261016.

Published: 2008-11-05
Modified: 2025-04-09

CVE-2008-4935

asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview#####.pgm temporary file.

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Package wireshark updated to version 3.2.8-alt1 for branch p9 in task 261029.

Published: 2021-02-23
Modified: 2024-09-16

BDU:2021-00876

Уязвимость функции в epan/dissectors/packet-fbzero.c программного обеспечения Wireshark, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2020-26575

Published: 2022-01-17
Modified: 2024-09-16

BDU:2022-00251

Уязвимость программы для анализа трафика wireshark, связанная с неверными вычислениями, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

CVE-2020-28030

Published: 2020-10-06
Modified: 2024-11-21

CVE-2020-26575

In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2020-11-02
Modified: 2024-11-21

CVE-2020-28030

In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.2

Branch p9 update on 2020-11-07

ALT-BU-2020-4128-1

ALT-PU-2020-3220-1

Closed vulnerabilities

BDU:2015-03488

CVE-2009-1382

CVE-2009-2459

ALT-PU-2020-3221-1

Closed vulnerabilities

CVE-2008-4935

ALT-PU-2020-3222-1

Closed vulnerabilities

BDU:2021-00876

BDU:2022-00251

CVE-2020-26575

CVE-2020-28030