ALT Linux Team

Branch sisyphus update on 2020-09-08

2020-09-08

ALT-BU-2020-4022-3

Branch sisyphus update bulletin.

ALT-PU-2020-2738-2

Package libbrotli updated to version 1.0.9-alt1 for branch sisyphus in task 257540.

Closed vulnerabilities

Published: 2021-03-30
Modified: 2025-12-02

BDU:2021-01775

Уязвимость алгоритма сжатия данных Brotli, связанная с недостатком механизма проверки размера копируемых данных, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
References:
Published: 2020-09-15
Modified: 2024-11-21

CVE-2020-8927

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.

Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
References:
Published: 2022-05-24
Modified: 2024-09-16

GHSA-5v8v-66v8-mwm7

Integer overflow in the bundled Brotli C library

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
References:

ALT-PU-2020-2739-1

Package radare2 updated to version 4.5.1-alt1 for branch sisyphus in task 257552.

Closed vulnerabilities

Published: 2020-08-03
Modified: 2024-11-21

CVE-2020-16269

radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2020-08-11
Modified: 2024-11-21

CVE-2020-17487

radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top