ALT-BU-2021-4118-1
Branch sisyphus update bulletin.
Package python3-module-wx updated to version 4.0.7-alt4 for branch sisyphus in task 282641.
Closed bugs
Не прописан конфликт между python3-module-wx-utils и python-module-wx3.0
Package kernel-image-std-kvm updated to version 5.10.58-alt1 for branch sisyphus in task 282670.
Closed vulnerabilities
BDU:2021-04028
Уязвимость функции rtas_args.nargs драйвера arch/powerpc/kvm/book3s_rtas.c ядра операционной системы Linux, позволяющая нарушителю вызвать повреждение памяти операционной системы хоста
Modified: 2024-11-21
CVE-2021-37576
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
- [oss-security] 20210727 Re: Linux kernel: powerpc: KVM guest to host memory corruption
- [oss-security] 20210727 Re: Linux kernel: powerpc: KVM guest to host memory corruption
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a
- FEDORA-2021-12618d9b08
- FEDORA-2021-12618d9b08
- FEDORA-2021-817b3d47d2
- FEDORA-2021-817b3d47d2
- https://lore.kernel.org/linuxppc-dev/87im0x1lqi.fsf%40mpe.ellerman.id.au/T/#u
- https://lore.kernel.org/linuxppc-dev/87im0x1lqi.fsf%40mpe.ellerman.id.au/T/#u
- https://security.netapp.com/advisory/ntap-20210917-0005/
- https://security.netapp.com/advisory/ntap-20210917-0005/
- DSA-4978
- DSA-4978
Closed bugs
geeqie не запускается: Unable to initialize Clutter
Package python3-module-babel updated to version 2.9.1-alt1 for branch sisyphus in task 282703.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-42771
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
- https://github.com/python-babel/babel/pull/782
- https://github.com/python-babel/babel/pull/782
- https://lists.debian.org/debian-lts/2021/10/msg00040.html
- https://lists.debian.org/debian-lts/2021/10/msg00040.html
- [debian-lts-announce] 20211021 [SECURITY] [DLA 2790-1] python-babel security update
- [debian-lts-announce] 20211021 [SECURITY] [DLA 2790-1] python-babel security update
- DSA-5018
- DSA-5018
- https://www.tenable.com/security/research/tra-2021-14
- https://www.tenable.com/security/research/tra-2021-14
Package python3-module-rsa updated to version 4.7.2-alt1 for branch sisyphus in task 282729.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-25658
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658
- https://github.com/sybrenstuvel/python-rsa/issues/165
- https://github.com/sybrenstuvel/python-rsa/issues/165
- FEDORA-2021-783a157adc
- FEDORA-2021-783a157adc
- FEDORA-2021-15e50503d6
- FEDORA-2021-15e50503d6
- FEDORA-2021-c1fef03e71
- FEDORA-2021-c1fef03e71