ALT-BU-2022-4051-1
Branch sisyphus_e2k update bulletin.
Package xorg-cf-files updated to version 1.0.7-alt1 for branch sisyphus_e2k.
Closed bugs
xmkmf формирует неверный AR = ar clq
Package librsync updated to version 2.3.2-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-8242
librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.
- FEDORA-2015-2923
- FEDORA-2015-2923
- FEDORA-2015-3366
- FEDORA-2015-3366
- FEDORA-2015-3497
- FEDORA-2015-3497
- openSUSE-SU-2015:1752
- openSUSE-SU-2015:1752
- [oss-security] 20140728 rsync vulnerable to collisions
- [oss-security] 20140728 rsync vulnerable to collisions
- [oss-security] 20140805 [CVE Requests] rsync and librsync collisions
- [oss-security] 20140805 [CVE Requests] rsync and librsync collisions
- [oss-security] 20141012 Re: [CVE Requests] rsync and librsync collisions
- [oss-security] 20141012 Re: [CVE Requests] rsync and librsync collisions
- https://bugzilla.redhat.com/show_bug.cgi?id=1126712
- https://bugzilla.redhat.com/show_bug.cgi?id=1126712
- https://github.com/librsync/librsync/issues/5
- https://github.com/librsync/librsync/issues/5
- https://github.com/librsync/librsync/releases/tag/v1.0.0
- https://github.com/librsync/librsync/releases/tag/v1.0.0
- GLSA-201605-04
- GLSA-201605-04
- https://www.miknet.net/security/optimizing-birthday-attack/
- https://www.miknet.net/security/optimizing-birthday-attack/
Closed bugs
Просьба обновить librsync до последней версии
Package ipython3 updated to version 8.0.1-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2022-05761
Уязвимость команды shell командной оболочки для интерактивных вычислений IPython, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-21699
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.
- https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668
- https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668
- https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
- https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
- https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
- https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
- [debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update
- [debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update
- FEDORA-2022-b58d156ab0
- FEDORA-2022-b58d156ab0
- FEDORA-2022-b9e38f8a56
- FEDORA-2022-b9e38f8a56