Branch sisyphus update bulletin.

Package strongswan updated to version 5.9.4-alt1 for branch sisyphus in task 287953.

Published: 2021-10-18

BDU:2023-02802

Уязвимость демона strongSwan, вызванная целочисленным переполнением (при условии, что кэш сертификатов в памяти полон), позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2021-10-18
Modified: 2024-11-21

CVE-2021-41990

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2021-10-18
Modified: 2024-11-21

CVE-2021-41991

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package gpsd updated to version 3.23.1-alt1 for branch sisyphus in task 288080.

Распилить пакет, выделив из него GUI компонент.

Version: 2.1.0

Branch sisyphus update on 2021-10-24

ALT-BU-2021-4303-1

ALT-PU-2021-3101-1

Closed vulnerabilities

BDU:2023-02802

CVE-2021-41990

CVE-2021-41991

ALT-PU-2021-3102-1

Closed bugs

Bug #41036