ALT-BU-2021-3717-3

Branch sisyphus update bulletin.

Package xpdf updated to version 4.03-alt1 for branch sisyphus in task 265506.

Уязвимость функции Catalog::findDestInTree() программного обеспечения для просмотра PDF Xpdf, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.5)Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.9)Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2022-48545

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.

Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Package kernel-source-lkrg updated to version 0.8.1+git20210130-alt1 for branch sisyphus in task 265521.

5.10.11-un-def-alt1 cannot be booted with p_lkrg module

Version: 2.1.2

Branch sisyphus update on 2021-01-31

ALT-BU-2021-3717-3

ALT-PU-2021-1186-2

Closed vulnerabilities

BDU:2023-07872

CVE-2020-25725

CVE-2020-35376

CVE-2022-48545

ALT-PU-2021-1187-1

Closed bugs

Bug #39626