ALT-BU-2021-3987-1
Branch sisyphus update bulletin.
Package python3-module-pikepdf updated to version 2.12.2-alt1 for branch sisyphus in task 274789.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-29421
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.
- https://github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst#v2100
- https://github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a
- FEDORA-2021-d97bc581be
- FEDORA-2021-4bf9909a76
Package kernel-image-un-def updated to version 5.12.12-alt1 for branch sisyphus in task 274788.
Closed vulnerabilities
BDU:2021-03237
A vulnerability in the arch/arm/mach-footbridge/personal-pci.c component of the Linux operating system kernel that allows an attacker to disclose protected information or cause a denial of service
Modified: 2024-11-21
CVE-2021-32078
An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=298a58e165e447ccfaae35fe9f651f9d7e15166f
- https://github.com/torvalds/linux/commit/298a58e165e447ccfaae35fe9f651f9d7e15166f
- https://kirtikumarar.com/CVE-2021-32078.txt
- https://security.netapp.com/advisory/ntap-20210813-0002/