ALT Linux Team

Branch sisyphus_riscv64 update on 2022-02-24

2022-02-24

ALT-BU-2022-4147-1

Branch sisyphus_riscv64 update bulletin.

ALT-PU-2022-4145-1

Package wolfssl updated to version 5.2.0-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2022-02-24
Modified: 2024-11-21

CVE-2022-25638

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
Published: 2022-02-24
Modified: 2024-11-21

CVE-2022-25640

In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References:

ALT-PU-2022-4146-1

Package tcpreplay updated to version 4.4.1-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2022-02-11
Modified: 2024-11-21

CVE-2021-45386

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2022-02-11
Modified: 2024-11-21

CVE-2021-45387

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top