ALT-BU-2023-3818-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2023-01856
Уязвимость текстового редактора vim, связанная с ошибкой деления на ноль, позволяющая нарушителю выполнить произвольный код
BDU:2023-02159
Уязвимость функции class_object_index() (vim9class.c) текстового редактора Vim, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-1127
Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.
- https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c
- https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c
- https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb
- https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb
- FEDORA-2023-030318ca00
- FEDORA-2023-030318ca00
- FEDORA-2023-27958e9307
- FEDORA-2023-27958e9307
- FEDORA-2023-ccf283d7e1
- FEDORA-2023-ccf283d7e1
Modified: 2024-11-21
CVE-2023-1170
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.
- https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c
- https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c
- https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4
- https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4
- FEDORA-2023-43cb13aefb
- FEDORA-2023-43cb13aefb
- FEDORA-2023-030318ca00
- FEDORA-2023-030318ca00
- FEDORA-2023-d4ebe53978
- FEDORA-2023-d4ebe53978
Modified: 2024-11-21
CVE-2023-1175
Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
- https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba
- https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba
- https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e
- https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e
- [debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update
- [debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update
- FEDORA-2023-43cb13aefb
- FEDORA-2023-43cb13aefb
- FEDORA-2023-030318ca00
- FEDORA-2023-030318ca00
- FEDORA-2023-d4ebe53978
- FEDORA-2023-d4ebe53978
Modified: 2024-11-21
CVE-2023-1264
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.
- https://github.com/vim/vim/commit/7ac5023a5f1a37baafbe1043645f97ba3443d9f6
- https://github.com/vim/vim/commit/7ac5023a5f1a37baafbe1043645f97ba3443d9f6
- https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815
- https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815
- FEDORA-2023-43cb13aefb
- FEDORA-2023-43cb13aefb
- FEDORA-2023-030318ca00
- FEDORA-2023-030318ca00
- FEDORA-2023-d4ebe53978
- FEDORA-2023-d4ebe53978
Modified: 2024-11-21
CVE-2023-1355
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.
- https://github.com/vim/vim/commit/d13dd30240e32071210f55b587182ff48757ea46
- https://github.com/vim/vim/commit/d13dd30240e32071210f55b587182ff48757ea46
- https://huntr.dev/bounties/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9
- https://huntr.dev/bounties/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9
- FEDORA-2023-030318ca00
- FEDORA-2023-030318ca00
Modified: 2024-11-21
CVE-2023-2426
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
- https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b
- https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425
- FEDORA-2023-d6baa1d93e
- FEDORA-2023-99d2eaac80
- https://support.apple.com/kb/HT213844
- https://support.apple.com/kb/HT213845
- https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b
- https://support.apple.com/kb/HT213845
- https://support.apple.com/kb/HT213844
- FEDORA-2023-99d2eaac80
- FEDORA-2023-d6baa1d93e
- https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425
Modified: 2024-11-21
CVE-2023-2609
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.
- https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad
- https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622
- FEDORA-2023-99d2eaac80
- https://support.apple.com/kb/HT213844
- https://support.apple.com/kb/HT213845
- https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad
- https://support.apple.com/kb/HT213845
- https://support.apple.com/kb/HT213844
- FEDORA-2023-99d2eaac80
- https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622
Modified: 2024-11-29
CVE-2023-2610
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.
- https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a
- https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a
- https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d
- https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d
- [debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update
- [debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update
- FEDORA-2023-99d2eaac80
- FEDORA-2023-99d2eaac80
- https://security.netapp.com/advisory/ntap-20241129-0006/
- https://support.apple.com/kb/HT213844
- https://support.apple.com/kb/HT213844
- https://support.apple.com/kb/HT213845
- https://support.apple.com/kb/HT213845
Package firefox-esr updated to version 102.12.0-alt1 for branch sisyphus in task 322571.
Closed vulnerabilities
BDU:2023-03125
Уязвимость браузеров Mozilla Firefox и Firefox ESR, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код
BDU:2023-03196
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с неверным ограничением визуализируемых слоев пользовательского интерфейса, позволяющая нарушителю провести атаку типа clickjacking («захват клика»)
Modified: 2024-11-21
CVE-2023-34414
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1695986
- https://security.gentoo.org/glsa/202312-03
- https://security.gentoo.org/glsa/202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-19/
- https://www.mozilla.org/security/advisories/mfsa2023-20/
- https://www.mozilla.org/security/advisories/mfsa2023-21/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1695986
- https://www.mozilla.org/security/advisories/mfsa2023-21/
- https://www.mozilla.org/security/advisories/mfsa2023-20/
- https://www.mozilla.org/security/advisories/mfsa2023-19/
- https://security.gentoo.org/glsa/202401-10
- https://security.gentoo.org/glsa/202312-03
Modified: 2025-02-13
CVE-2023-34416
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
- Memory safety bugs fixed in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12
- Memory safety bugs fixed in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12
- https://security.gentoo.org/glsa/202312-03
- https://security.gentoo.org/glsa/202312-03
- https://security.gentoo.org/glsa/202401-10
- https://security.gentoo.org/glsa/202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-19/
- https://www.mozilla.org/security/advisories/mfsa2023-19/
- https://www.mozilla.org/security/advisories/mfsa2023-20/
- https://www.mozilla.org/security/advisories/mfsa2023-20/
- https://www.mozilla.org/security/advisories/mfsa2023-21/
- https://www.mozilla.org/security/advisories/mfsa2023-21/