ALT-BU-2022-3800-1
Branch sisyphus_e2k update bulletin.
Package liburiparser updated to version 0.9.6-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2022-05751
Уязвимость парсера Uriparser, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-05786
Уязвимость парсера Uriparser, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-46141
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
- https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/
- https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/
- https://github.com/uriparser/uriparser/issues/121
- https://github.com/uriparser/uriparser/issues/121
- https://github.com/uriparser/uriparser/pull/124
- https://github.com/uriparser/uriparser/pull/124
- [debian-lts-announce] 20220126 [SECURITY] [DLA 2883-2] uriparser security update
- [debian-lts-announce] 20220126 [SECURITY] [DLA 2883-2] uriparser security update
- FEDORA-2022-00a529a8bf
- FEDORA-2022-00a529a8bf
- FEDORA-2022-cfd0048127
- FEDORA-2022-cfd0048127
- DSA-5063
- DSA-5063
Modified: 2024-11-21
CVE-2021-46142
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
- https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/
- https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/
- https://github.com/uriparser/uriparser/issues/122
- https://github.com/uriparser/uriparser/issues/122
- https://github.com/uriparser/uriparser/pull/124
- https://github.com/uriparser/uriparser/pull/124
- FEDORA-2022-00a529a8bf
- FEDORA-2022-00a529a8bf
- FEDORA-2022-cfd0048127
- FEDORA-2022-cfd0048127
- DSA-5063
- DSA-5063
Package util-linux updated to version 2.37.3-alt2 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2022-00589
Уязвимость стандартного пакета служебных утилит командной строки util-linux, связанная с некорректными разрешениями и привилегиями доступа, позволяющая нарушителю обойти введенные ограничения безопасности
Modified: 2024-11-21
CVE-2021-3995
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
- http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
- http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
- 20221208 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
- 20221208 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
- [oss-security] 20221130 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
- [oss-security] 20221130 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
- https://bugzilla.redhat.com/show_bug.cgi?id=2024631https://access.redhat.com/security/cve/CVE-2021-3995
- https://bugzilla.redhat.com/show_bug.cgi?id=2024631https://access.redhat.com/security/cve/CVE-2021-3995
- https://github.com/util-linux/util-linux/commit/57202f5713afa2af20ffbb6ab5331481d0396f8d
- https://github.com/util-linux/util-linux/commit/57202f5713afa2af20ffbb6ab5331481d0396f8d
- https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
- https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
- GLSA-202401-08
- GLSA-202401-08
- https://security.netapp.com/advisory/ntap-20221209-0002/
- https://security.netapp.com/advisory/ntap-20221209-0002/
- https://www.openwall.com/lists/oss-security/2022/01/24/2
- https://www.openwall.com/lists/oss-security/2022/01/24/2
Modified: 2024-11-21
CVE-2021-3996
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
- http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
- http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
- 20221208 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
- 20221208 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
- [oss-security] 20221130 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
- [oss-security] 20221130 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
- https://access.redhat.com/security/cve/CVE-2021-3996
- https://access.redhat.com/security/cve/CVE-2021-3996
- https://bugzilla.redhat.com/show_bug.cgi?id=2024628
- https://bugzilla.redhat.com/show_bug.cgi?id=2024628
- https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb
- https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb
- https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
- https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
- GLSA-202401-08
- GLSA-202401-08
- https://security.netapp.com/advisory/ntap-20221209-0002/
- https://security.netapp.com/advisory/ntap-20221209-0002/
- https://www.openwall.com/lists/oss-security/2022/01/24/2
- https://www.openwall.com/lists/oss-security/2022/01/24/2