ALT Linux Team

Branch p9 update on 2020-12-12

2020-12-12

ALT-BU-2020-4187-1

Branch p9 update bulletin.

ALT-PU-2020-3493-1

Package sysstat updated to version 12.5.1-alt2 for branch p9 in task 263096.

Closed vulnerabilities

Published: 2019-12-11

BDU:2020-02852

Уязвимость функции check_file_actlst (sa_common.c) утилиты измерения и анализа производительности системы sysstat, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2019-08-03

BDU:2022-06244

Уязвимость функции remap_struct() компонента sa_common.c утилиты для измерения и анализа производительности системы Sysstat, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
References:
Published: 2019-09-09
Modified: 2024-11-21

CVE-2019-16167

sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2019-12-11
Modified: 2024-11-21

CVE-2019-19725

sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2020-3495-1

Package hplip updated to version 3.20.11-alt2 for branch p9 in task 263188.

Closed bugs

Bug #39401

Ошибка запуска hplip, hp-toolbox error: dBus initialization error

ALT-PU-2020-3496-1

Package mosquitto updated to version 1.6.9-alt1 for branch p9 in task 263158.

Closed vulnerabilities

Published: 2019-09-19

BDU:2020-01486

Уязвимость брокера сообщений Eclipse Mosquitto, связанная с недостаточной проверкой исключительных состояний, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM (6.8) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
References:
Published: 2019-09-18
Modified: 2024-11-21

CVE-2019-11778

If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations.

Severity: MEDIUM (5.5) Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
References:
Published: 2019-09-19
Modified: 2024-11-21

CVE-2019-11779

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2020-3497-1

Package eiskaltdcpp updated to version 2.4.0-alt1 for branch p9 in task 263083.

Closed bugs

Bug #36782

[DEAD BUG] Вылетает

Bug #37709

прошу обновить с включением коммита 93944747

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top