ALT Linux Team

Branch sisyphus update on 2021-02-06

2021-02-06

ALT-BU-2021-3726-1

Branch sisyphus update bulletin.

ALT-PU-2021-1214-1

Package wavpack updated to version 5.4.0-alt1 for branch sisyphus in task 265819.

Closed vulnerabilities

Published: 2020-12-27

BDU:2021-00777

Уязвимость функции WavpackPackSamples компонента pack_utils.c аудиокодека WavPack, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

Severity: HIGH (7.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Severity: HIGH (7.8) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:C
References:
Published: 2020-12-28
Modified: 2024-11-21

CVE-2020-35738

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
References:

ALT-PU-2021-1215-1

Package lighttpd updated to version 1.4.59-alt1 for branch sisyphus in task 265827.

Closed vulnerabilities

Published: 2022-06-11
Modified: 2024-11-21

CVE-2022-30780

Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top