ALT-BU-2020-4124-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2010-4173
The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file.
- http://www.openfabrics.org/downloads/libsdp/libsdp-1.1.105-0.4.g1b9b996.tar.gz
- http://www.openfabrics.org/downloads/libsdp/libsdp-1.1.105-0.4.g1b9b996.tar.gz
- [oss-security] 20101116 CVE Request: libsdp
- [oss-security] 20101116 CVE Request: libsdp
- [oss-security] 20101116 Re: CVE Request: libsdp
- [oss-security] 20101116 Re: CVE Request: libsdp
- https://bugzilla.redhat.com/show_bug.cgi?id=647941
- https://bugzilla.redhat.com/show_bug.cgi?id=647941
Closed bugs
Обновить cjdns до 20.7 или выше
Closed vulnerabilities
BDU:2021-04597
Уязвимость функции LibRaw::identify_process_dng_fields компонента identify.cpp библиотеки для обработки изображений LibRaw, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2023-00283
Уязвимость компонентов decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, utils/thumb_utils.cpp библиотеки для обработки изображений LibRaw, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-15503
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
- openSUSE-SU-2020:1088
- openSUSE-SU-2020:1088
- openSUSE-SU-2020:1128
- openSUSE-SU-2020:1128
- https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
- https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
- https://github.com/LibRaw/LibRaw/compare/0.20-Beta3...0.20-RC1
- https://github.com/LibRaw/LibRaw/compare/0.20-Beta3...0.20-RC1
- [debian-lts-announce] 20221130 [SECURITY] [DLA 3214-1] libraw security update
- [debian-lts-announce] 20221130 [SECURITY] [DLA 3214-1] libraw security update
- FEDORA-2020-07f0a49a9e
- FEDORA-2020-07f0a49a9e
- FEDORA-2020-f407db0e65
- FEDORA-2020-f407db0e65
- FEDORA-2020-f421eea477
- FEDORA-2020-f421eea477
- FEDORA-2020-4f4c778096
- FEDORA-2020-4f4c778096
- FEDORA-2020-ed284fd64b
- FEDORA-2020-ed284fd64b
- FEDORA-2020-c6fa12cfb1
- FEDORA-2020-c6fa12cfb1
- https://www.libraw.org/news/libraw-0-20-rc1
- https://www.libraw.org/news/libraw-0-20-rc1
Modified: 2024-11-21
CVE-2020-24870
Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
Modified: 2024-11-21
CVE-2020-24889
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-16125
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
- https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314
- https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314
- https://gitlab.gnome.org/GNOME/gdm/-/issues/642
- https://gitlab.gnome.org/GNOME/gdm/-/issues/642
- https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon
- https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon
Closed bugs
libsgutils-devel: add libsgutils2.so for compatibility