Branch p9 update bulletin.

Package osec updated to version 1.3.1-alt1.M90P.1 for branch p9 in task 259023.

Account all types of changes

Добавить timerunit для systemd

Добавить опцию в pipe.conf для управления -r

Package gdal updated to version 2.2.3-alt3.1.M90P.3 for branch p9 in task 259375.

Published: 2019-10-13

BDU:2022-03342

Уязвимость функции OGRExpatRealloc файла ogr/ogr_expat.cpp. библиотеки-транслятора для геопространственных данных GDAL, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2019-17545

Published: 2019-10-14
Modified: 2024-11-21

CVE-2019-17545

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package tpm2-tss updated to version 2.4.3-alt1 for branch p9 in task 259419.

Published: 2021-02-26
Modified: 2024-11-21

CVE-2020-24455

Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: MEDIUM (6.7) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Branch p9 update on 2020-10-14

ALT-BU-2020-4085-1

ALT-PU-2020-3038-1

Closed bugs

Bug #38771

Bug #38902

Bug #38903

ALT-PU-2020-3051-1

Closed vulnerabilities

BDU:2022-03342

CVE-2019-17545

ALT-PU-2020-3052-1

Closed vulnerabilities

CVE-2020-24455