2021-09-12
ALT-BU-2021-4194-1
Branch sisyphus update bulletin.
Package make-initrd updated to version 2.23.0-alt1 for branch sisyphus in task 285040.
Closed bugs
Прерывается создание initramfs на AMD Zen3 fam19h из-за отсутствия файла с микрокодами
Make make-initrd build reproducible initrd images
Package ghostscript updated to version 9.54.0-alt3 for branch sisyphus in task 285041.
Closed vulnerabilities
Published: 2022-02-16
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-3781
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Severity: CRITICAL (9.9)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References: