ALT Linux Team

Branch sisyphus_e2k update on 2021-12-31

2021-12-31

ALT-BU-2021-4835-1

Branch sisyphus_e2k update bulletin.

ALT-PU-2021-4830-1

Package opensc updated to version 0.22.0-alt2 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2022-04-18
Modified: 2024-11-21

CVE-2021-42778

A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
Published: 2022-04-18
Modified: 2024-11-21

CVE-2021-42779

A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
Published: 2022-04-18
Modified: 2024-11-21

CVE-2021-42780

A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
Published: 2022-04-18
Modified: 2024-11-21

CVE-2021-42781

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
Published: 2022-04-18
Modified: 2024-11-21

CVE-2021-42782

Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:

ALT-PU-2021-4831-1

Package nmap updated to version 7.80-alt2 for branch sisyphus_e2k.

Closed bugs

Bug #38271

Собрать nmap с python3

ALT-PU-2021-4832-1

Package ncurses updated to version 6.3.20211106-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2021-10-21

BDU:2023-00296

Уязвимость функции convert_strings компонента tinfo/read_entry.c библиотеки управления вводом-выводом на терминал Ncurses, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании

Severity: HIGH (7.1) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
References:
Published: 2022-04-19
Modified: 2024-11-21

CVE-2022-29458

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Severity: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
References:

Closed bugs

Bug #40808

Move /usr/bin/infocmp to termutils

ALT-PU-2021-4833-1

Package openvswitch updated to version 2.16.1-alt2 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2021-02-23

BDU:2023-02001

Уязвимость функции decode_NXAST_RAW_ENCAP() программного многоуровневого коммутатора Open vSwitch, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.6) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
References:
Published: 2021-07-20
Modified: 2024-11-21

CVE-2021-36980

Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:

ALT-PU-2021-4834-1

Package gramps updated to version 5.1.4-alt1 for branch sisyphus_e2k.

Closed bugs

Bug #37029

Обновить до актуальной версии 5.0.1

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top