Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="8037">
  <issue id="1090495" tracker="bnc">VUL-0: quassel: Corruption of heap metadata leading to preauth remote code execution and DOS</issue>
  <issue id="1069468" tracker="bnc">Packages should no longer use /var/adm/fillup-templates</issue>
  <issue id="2018-1000178" tracker="cve"></issue>
  <issue id="2018-1000179" tracker="cve"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <packager>scarabeus_iv</packager>
  <description>This update for quassel fixes the following issues:

Security fixes (boo#1090495):

- CVE-2018-1000178: A heap metadata corruption in qdatastream could have been
  exploited to launch an unauthenticated remote code execution

- CVE-2018-1000179: A remote attacker could have caused a Denial of Service attack
  by initiating login attempts before the core got initialized

The following tracked packaging change is included:
    
- boo#1069468: no longer use /var/adm/fillup-templates

This update also includes various small bug fixes in the upstream 0.12.4 release.
</description>
  <summary>Security update for quassel</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places