ALT-BU-2021-4010-3
Branch sisyphus update bulletin.
Closed bugs
Build with Qt5
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-15260
PJSIP is a free and open source multimedia communication library written in the C language, implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, a PJSIP transport can be reused if it has the same IP address + port + protocol. However, this is insufficient for secure transport since it lacks remote hostname authentication. Suppose we have created a TLS connection to `sip.foo.com`, which has the IP address `100.1.1.1`. If we want to create a TLS connection to another hostname, say `sip.bar.com`, which has the same IP address, then it will reuse that existing connection, even though `100.1.1.1` does not have a certificate to authenticate as `sip.bar.com`. The vulnerability allows for an insecure interaction without user awareness. It affects users who need access to connections to different destinations that translate to the same address, and allows a man-in-the-middle attack if an attacker can route a connection to another destination, such as in the case of DNS spoofing.
- https://github.com/pjsip/pjproject/commit/67e46c1ac45ad784db5b9080f5ed8b133c122872
- https://github.com/pjsip/pjproject/pull/2663
- https://github.com/pjsip/pjproject/security/advisories/GHSA-8hcp-hm38-mfph
- GLSA-202107-42
Modified: 2024-11-21
CVE-2021-21375
PJSIP is a free and open source multimedia communication library written in the C language, implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This results in a denial of service.
- https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365
- https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
- [debian-lts-announce] 20210423 [SECURITY] [DLA 2636-1] pjproject security update
- [debian-lts-announce] 20210523 [SECURITY] [DLA 2665-1] ring security update
- GLSA-202107-42
Closed bugs
Build version 2.10
Closed bugs
Please update to 3.4
Package librabbitmq-c updated to version 0.11.0-alt1 for branch sisyphus in task 276502.
Closed bugs
The librabbitmq-c build is broken
Closed bugs
The cgal build is broken
Closed bugs
liblilv FTBFS
Package dotnet-bootstrap-3.1 updated to version 3.1.16-alt1 for branch sisyphus in task 276447.
Closed vulnerabilities
BDU:2021-00931
Vulnerability in the .NET Core software platform related to insufficient validation of input data, allowing an attacker to execute arbitrary code
BDU:2021-02646
Vulnerability in the Microsoft .NET Framework software platform and the Microsoft Visual Studio software development tool, related to access control flaws, allowing an attacker to elevate their privileges
Modified: 2024-11-21
CVE-2021-26701
.NET Core Remote Code Execution Vulnerability
- FEDORA-2021-265a3c7cb9
- FEDORA-2021-904d0bd496
- FEDORA-2021-3da33cdc80
- FEDORA-2021-1b22f31541
- FEDORA-2021-e2d218afe6
- FEDORA-2021-138728e59b
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701
Modified: 2024-11-21
CVE-2021-31204
.NET and Visual Studio Elevation of Privilege Vulnerability
- FEDORA-2021-721731dc86
- FEDORA-2021-13e3bd248f
- FEDORA-2021-a3c205f5b2
- FEDORA-2021-d551431950
- FEDORA-2021-f25eb9e302
- FEDORA-2021-c06b64b5ee
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204
Modified: 2024-11-21
CVE-2021-31957
ASP.NET Core Denial of Service Vulnerability
- FEDORA-2021-cb4f3ab817
- FEDORA-2021-e9c84e6d26
- FEDORA-2021-4b3fc547fe
- FEDORA-2021-1e0e04958d
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957
Package dotnet-coreclr-3.1 updated to version 3.1.16-alt1 for branch sisyphus in task 276447.
Closed vulnerabilities
BDU:2021-02646
Vulnerability in the Microsoft .NET Framework software platform and the Microsoft Visual Studio software development tool, related to access control flaws, allowing an attacker to elevate their privileges
Modified: 2024-11-21
CVE-2021-31204
.NET and Visual Studio Elevation of Privilege Vulnerability
- FEDORA-2021-721731dc86
- FEDORA-2021-13e3bd248f
- FEDORA-2021-a3c205f5b2
- FEDORA-2021-d551431950
- FEDORA-2021-f25eb9e302
- FEDORA-2021-c06b64b5ee
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204
Package dotnet-aspnetcore-3.1 updated to version 3.1.16-alt1 for branch sisyphus in task 276447.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-31957
ASP.NET Core Denial of Service Vulnerability
- FEDORA-2021-cb4f3ab817
- FEDORA-2021-e9c84e6d26
- FEDORA-2021-4b3fc547fe
- FEDORA-2021-1e0e04958d
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957