ALT-BU-2021-4483-1
Branch sisyphus_mipsel update bulletin.
Package python3 updated to version 3.9.9-alt1 for branch sisyphus_mipsel.
Closed bugs
python3: BR /proc on riscv64
Package nss updated to version 3.73-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-43527
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1737470
- https://bugzilla.mozilla.org/show_bug.cgi?id=1737470
- https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf
- https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/
- https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/
- https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/
- https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/
- GLSA-202212-05
- GLSA-202212-05
- https://security.netapp.com/advisory/ntap-20211229-0002/
- https://security.netapp.com/advisory/ntap-20211229-0002/
- https://www.mozilla.org/security/advisories/mfsa2021-51/
- https://www.mozilla.org/security/advisories/mfsa2021-51/
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.starwindsoftware.com/security/sw-20220802-0001/
- https://www.starwindsoftware.com/security/sw-20220802-0001/
Package lldpd updated to version 1.0.13-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
Modified: 2025-02-06
CVE-2021-43612
In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.
- https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7
- https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7
- https://github.com/lldpd/lldpd/compare/1.0.12...1.0.13
- https://github.com/lldpd/lldpd/compare/1.0.12...1.0.13
- FEDORA-2023-c0c184a019
- FEDORA-2023-c0c184a019
- FEDORA-2023-88991d2713
- FEDORA-2023-88991d2713
- FEDORA-2023-3e4feeadec
- FEDORA-2023-3e4feeadec
- https://lldpd.github.io/security.html
- https://lldpd.github.io/security.html
Package usbredir updated to version 0.12.0-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2022-05968
Уязвимость функции usbredirparser_serialize() компонента usbredirparser/usbredirparser.c протокола перенаправления USB-трафика Usbredir, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-3700
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.
- https://bugzilla.redhat.com/show_bug.cgi?id=1992830
- https://bugzilla.redhat.com/show_bug.cgi?id=1992830
- https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba
- https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba
- [debian-lts-announce] 20220320 [SECURITY] [DLA 2958-1] usbredir security update
- [debian-lts-announce] 20220320 [SECURITY] [DLA 2958-1] usbredir security update
Package ImageMagick updated to version 6.9.12.31-alt2 for branch sisyphus_mipsel.
Closed bugs
Лишний пункт меню