ALT-BU-2021-3746-1
Branch sisyphus update bulletin.
Package LibreOffice-still updated to version 7.0.4.2-alt1 for branch sisyphus in task 265834.
Closed bugs
Request to add Greek language support.
Closed bugs
epm play code installs firefox
Package libgcrypt-gost updated to version 1.8.5-alt6 for branch sisyphus in task 266408.
Closed bugs
Conflicts for no reason
Closed vulnerabilities
BDU:2021-01525
Vulnerability in the tiff2rgba TIFF-to-RGBA image conversion module of the LibTIFF library that allows an attacker to cause a denial of service
BDU:2021-01526
Vulnerability in the tif_getimage.c file of the LibTIFF library that allows an attacker to execute arbitrary code
BDU:2021-01527
Vulnerability in the TIFF2PDF TIFF-to-PDF image conversion module of the LibTIFF library that allows an attacker to execute arbitrary code or cause a denial of service
BDU:2021-01529
Vulnerability in the tif_read.c file of the LibTIFF library that allows an attacker to execute arbitrary code or cause a denial of service
Modified: 2024-11-21
CVE-2020-35521
A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.
Modified: 2024-11-21
CVE-2020-35522
In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.
Modified: 2024-11-21
CVE-2020-35523
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1932040
- https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
- https://gitlab.com/libtiff/libtiff/-/merge_requests/160
- [debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update
- FEDORA-2021-1bf4f2f13a
- GLSA-202104-06
- https://security.netapp.com/advisory/ntap-20210521-0009/
- DSA-4869
Modified: 2024-11-21
CVE-2020-35524
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1932044
- https://gitlab.com/libtiff/libtiff/-/merge_requests/159
- https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
- [debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update
- FEDORA-2021-1bf4f2f13a
- GLSA-202104-06
- https://security.netapp.com/advisory/ntap-20210521-0009/
- DSA-4869
Closed vulnerabilities
BDU:2021-01805
Vulnerability in Lldpd, the LLDP protocol implementation for Unix, and in the Open vSwitch multilayer software switch, related to an error in the resource consumption control mechanism, that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2020-27827
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1921438
- https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
- FEDORA-2023-c0c184a019
- FEDORA-2023-88991d2713
- FEDORA-2023-3e4feeadec
- https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html
- GLSA-202311-16
- https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-3336
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED25519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.