ALT-BU-2021-4118-1
Branch sisyphus update bulletin.
Package python3-module-wx updated to version 4.0.7-alt4 for branch sisyphus in task 282641.
Closed bugs
Не прописан конфликт между python3-module-wx-utils и python-module-wx3.0
Package kernel-image-std-kvm updated to version 5.10.58-alt1 for branch sisyphus in task 282670.
Closed vulnerabilities
BDU:2021-04028
Уязвимость функции rtas_args.nargs драйвера arch/powerpc/kvm/book3s_rtas.c ядра операционной системы Linux, позволяющая нарушителю вызвать повреждение памяти операционной системы хоста
Modified: 2024-11-21
CVE-2021-37576
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
- http://www.openwall.com/lists/oss-security/2021/07/27/2
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDFA7DSQIPM7XPNXJBXFWXHJFVUBCAG6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2YZ2DNURMYYVDT2NYAFDESJC35KCUDS/
- https://lore.kernel.org/linuxppc-dev/87im0x1lqi.fsf%40mpe.ellerman.id.au/T/#u
- https://security.netapp.com/advisory/ntap-20210917-0005/
- https://www.debian.org/security/2021/dsa-4978
- http://www.openwall.com/lists/oss-security/2021/07/27/2
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDFA7DSQIPM7XPNXJBXFWXHJFVUBCAG6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2YZ2DNURMYYVDT2NYAFDESJC35KCUDS/
- https://lore.kernel.org/linuxppc-dev/87im0x1lqi.fsf%40mpe.ellerman.id.au/T/#u
- https://security.netapp.com/advisory/ntap-20210917-0005/
- https://www.debian.org/security/2021/dsa-4978
Closed bugs
geeqie не запускается: Unable to initialize Clutter
Package python3-module-babel updated to version 2.9.1-alt1 for branch sisyphus in task 282703.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-42771
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
- https://github.com/python-babel/babel/pull/782
- https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html
- https://lists.debian.org/debian-lts/2021/10/msg00040.html
- https://www.debian.org/security/2021/dsa-5018
- https://www.tenable.com/security/research/tra-2021-14
- https://github.com/python-babel/babel/pull/782
- https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html
- https://lists.debian.org/debian-lts/2021/10/msg00040.html
- https://www.debian.org/security/2021/dsa-5018
- https://www.tenable.com/security/research/tra-2021-14
Package python3-module-rsa updated to version 4.7.2-alt1 for branch sisyphus in task 282729.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-25658
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658
- https://github.com/sybrenstuvel/python-rsa/issues/165
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658
- https://github.com/sybrenstuvel/python-rsa/issues/165
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/