ALT-BU-2021-4563-1
Branch p10 update bulletin.
Closed vulnerabilities
BDU:2022-00592
Уязвимость пакета управления рассылками электронных писем GNU Mailman, связанная с недостаточной проверкой источника HTTP-запроса, позволяющая нарушителю выполнять атаки с подделкой межсайтовых запросов
Modified: 2024-11-21
CVE-2021-44227
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
Closed vulnerabilities
Modified: 2025-02-06
CVE-2021-43612
In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.
- https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7
- https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7
- https://github.com/lldpd/lldpd/compare/1.0.12...1.0.13
- https://github.com/lldpd/lldpd/compare/1.0.12...1.0.13
- FEDORA-2023-c0c184a019
- FEDORA-2023-c0c184a019
- FEDORA-2023-88991d2713
- FEDORA-2023-88991d2713
- FEDORA-2023-3e4feeadec
- FEDORA-2023-3e4feeadec
- https://lldpd.github.io/security.html
- https://lldpd.github.io/security.html
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-44716
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
- https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
- https://groups.google.com/g/golang-announce/c/hcmEScgc00k
- https://groups.google.com/g/golang-announce/c/hcmEScgc00k
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update
- [debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update
- [debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update
- GLSA-202208-02
- GLSA-202208-02
- https://security.netapp.com/advisory/ntap-20220121-0002/
- https://security.netapp.com/advisory/ntap-20220121-0002/
Modified: 2024-11-21
CVE-2021-44717
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
- https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
- https://groups.google.com/g/golang-announce/c/hcmEScgc00k
- https://groups.google.com/g/golang-announce/c/hcmEScgc00k
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update
- [debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update
- [debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update
- GLSA-202208-02
- GLSA-202208-02