ALT-BU-2020-4124-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2025-04-11
CVE-2010-4173
The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file.
- http://www.openfabrics.org/downloads/libsdp/libsdp-1.1.105-0.4.g1b9b996.tar.gz
- http://www.openwall.com/lists/oss-security/2010/11/16/2
- http://www.openwall.com/lists/oss-security/2010/11/16/7
- https://bugzilla.redhat.com/show_bug.cgi?id=647941
- http://www.openfabrics.org/downloads/libsdp/libsdp-1.1.105-0.4.g1b9b996.tar.gz
- http://www.openwall.com/lists/oss-security/2010/11/16/2
- http://www.openwall.com/lists/oss-security/2010/11/16/7
- https://bugzilla.redhat.com/show_bug.cgi?id=647941
Closed bugs
Обновить cjdns до 20.7 или выше
Closed vulnerabilities
BDU:2021-04597
Уязвимость функции LibRaw::identify_process_dng_fields компонента identify.cpp библиотеки для обработки изображений LibRaw, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2023-00283
Уязвимость компонентов decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, utils/thumb_utils.cpp библиотеки для обработки изображений LibRaw, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-15503
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00075.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00001.html
- https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
- https://github.com/LibRaw/LibRaw/compare/0.20-Beta3...0.20-RC1
- https://lists.debian.org/debian-lts-announce/2022/11/msg00042.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HM2DS6HA4YZREI3BYGS75M6D76WMW62/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSXAJKZ4VNDYVQULJNY4XDPWHIJDTB4P/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNGDWTO45TU4KGND75EUUEGUMNSOYC7H/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCVKD7PTO7UQAVUTBHJAKBKYLPQQGAMZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y34ALB34P3NGQXLF7BG7R6DGRX6XL2JN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZETDVPZQWZWVGIG6JTIEKP5KPVMUE7Y/
- https://www.libraw.org/news/libraw-0-20-rc1
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00075.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00001.html
- https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
- https://github.com/LibRaw/LibRaw/compare/0.20-Beta3...0.20-RC1
- https://lists.debian.org/debian-lts-announce/2022/11/msg00042.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HM2DS6HA4YZREI3BYGS75M6D76WMW62/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSXAJKZ4VNDYVQULJNY4XDPWHIJDTB4P/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNGDWTO45TU4KGND75EUUEGUMNSOYC7H/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCVKD7PTO7UQAVUTBHJAKBKYLPQQGAMZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y34ALB34P3NGQXLF7BG7R6DGRX6XL2JN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZETDVPZQWZWVGIG6JTIEKP5KPVMUE7Y/
- https://www.libraw.org/news/libraw-0-20-rc1
Modified: 2024-11-21
CVE-2020-24870
Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
- https://github.com/LibRaw/LibRaw/commit/4feaed4dea636cee4fee010f615881ccf76a096d
- https://github.com/LibRaw/LibRaw/issues/330
- https://security.gentoo.org/glsa/202208-07
- https://github.com/LibRaw/LibRaw/commit/4feaed4dea636cee4fee010f615881ccf76a096d
- https://github.com/LibRaw/LibRaw/issues/330
- https://security.gentoo.org/glsa/202208-07
Modified: 2024-11-21
CVE-2020-24889
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-16125
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
- https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314
- https://gitlab.gnome.org/GNOME/gdm/-/issues/642
- https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon
- https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314
- https://gitlab.gnome.org/GNOME/gdm/-/issues/642
- https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon
Closed bugs
libsgutils-devel: add libsgutils2.so for compatibility