ALT-BU-2023-2335-1
Branch sisyphus_e2k update bulletin.
Package ipmitool updated to version 1.8.19-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2025-03-19
BDU:2020-03947
Vulnerability in the implementation of the read_fru_area(), read_fru_area_section(), ipmi_spd_print_fru(), ipmi_get_session_info(), ipmi_get_channel_cipher_suites() and get_lan_param_select() functions of ipmitool, a utility for managing and configuring IPMI-enabled devices, allowing an attacker to cause a denial of service or execute arbitrary code
Modified: 2025-03-05
BDU:2020-04640
Vulnerability in the read_fru_area_section function (lib/ipmi_fru.c) of ipmitool, a utility for managing and configuring IPMI-enabled devices, caused by an operation going beyond the bounds of a memory buffer, allowing an attacker to execute arbitrary code
Modified: 2024-11-21
CVE-2020-5208
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00031.html
- https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2
- https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
- https://lists.debian.org/debian-lts-announce/2020/02/msg00006.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00029.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K2BPW66KDP4H36AGZXLED57A3O2Y6EQW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RYYEKUAUTCWICM77HOEGZDVVEUJLP4BP/
- https://security.gentoo.org/glsa/202101-03
Package vim updated to version 9.0.1238-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2024-09-13
BDU:2023-00387
Vulnerability in the src/normal.c component of the Vim text editor, allowing an attacker to execute arbitrary code
Modified: 2024-09-13
BDU:2023-00451
Vulnerability in the same_leader() and utfc_ptr2len() functions of the Vim text editor, allowing an attacker to execute arbitrary code on the target system
Modified: 2024-11-21
CVE-2023-0288
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
- http://seclists.org/fulldisclosure/2023/Mar/17
- https://github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a
- https://huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYC22GGZ6QA66HLNLHCTAJU265TT3O33/
- https://support.apple.com/kb/HT213670
Modified: 2024-11-21
CVE-2023-0433
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
- http://seclists.org/fulldisclosure/2023/Mar/17
- http://seclists.org/fulldisclosure/2023/Mar/18
- http://seclists.org/fulldisclosure/2023/Mar/21
- https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b
- https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/
- https://support.apple.com/kb/HT213670
- https://support.apple.com/kb/HT213675
- https://support.apple.com/kb/HT213677