Branch sisyphus update bulletin.

Package roundcube updated to version 1.4.11-alt1 for branch sisyphus in task 265994.

Published: 2021-02-09
Modified: 2024-11-21

CVE-2021-26925

Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.

Severity: LOW (3.5) Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References:

Package myconnector updated to version 2.0.rc2-alt1 for branch sisyphus in task 265990.

Язык только русский

Package libjasper updated to version 2.0.25-alt1 for branch sisyphus in task 265995.

Published: 2021-02-23
Modified: 2024-11-21

CVE-2021-26926

A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Severity: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Published: 2021-02-23
Modified: 2024-11-21

CVE-2021-26927

A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2021-01-27
Modified: 2024-11-21

CVE-2021-3272

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Package connman updated to version 1.39-alt1 for branch sisyphus in task 266006.

Published: 2021-02-09

BDU:2021-01128

Уязвимость пакета dnsproxy диспетчера соединений Connman, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: MEDIUM (5.8) Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2021-26675

Published: 2021-02-09

BDU:2021-01129

Уязвимость компонента gdhcp диспетчера соединений Connman, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (6.5) Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: LOW (3.3) Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N

References:

CVE-2021-26676

Published: 2021-02-09
Modified: 2024-11-21

CVE-2021-26675

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.

Severity: MEDIUM (5.8) Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2021-02-09
Modified: 2024-11-21

CVE-2021-26676

gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.

Severity: LOW (3.3) Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Package python3-module-cryptography updated to version 3.4.3-alt3 for branch sisyphus in task 266014.

update to 3.4.2+

Package sssd updated to version 2.4.1-alt2 for branch sisyphus in task 266052.

No data currently available.

Version: 2.1.2

Branch sisyphus update on 2021-02-10

ALT-BU-2021-3734-1

ALT-PU-2021-1239-1

Closed vulnerabilities

CVE-2021-26925

ALT-PU-2021-1240-1

Closed bugs

Bug #37287

ALT-PU-2021-1241-1

Closed vulnerabilities

CVE-2021-26926

CVE-2021-26927

CVE-2021-3272

ALT-PU-2021-1242-1

Closed vulnerabilities

BDU:2021-01128

BDU:2021-01129

CVE-2021-26675

CVE-2021-26676

ALT-PU-2021-1243-1

Closed bugs

Bug #39662

ALT-PU-2021-1244-1

Closed vulnerabilities

OVE-20210209-0001