ALT-BU-2022-4399-1
Branch sisyphus update bulletin.
Closed bugs
Яндекс Браузер раздаётся как stable
Closed vulnerabilities
BDU:2022-05666
Уязвимость реализации протокола GATT (Generic ATTribute Profile) стека протоколов Bluetooth для ОС Linux BlueZ, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Modified: 2024-11-21
CVE-2022-0204
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
- https://bugzilla.redhat.com/show_bug.cgi?id=2039807
- https://bugzilla.redhat.com/show_bug.cgi?id=2039807
- https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0
- https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0
- https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
- https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
- [debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update
- [debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update
- GLSA-202209-16
- GLSA-202209-16
Closed vulnerabilities
Modified: 2025-03-27
CVE-2021-45429
A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service.
Package strongswan updated to version 5.9.5-alt1 for branch sisyphus in task 297309.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-45079
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.