Branch sisyphus_riscv64 update bulletin.

Package cflow updated to version 1.7-alt1 for branch sisyphus_riscv64.

Published: 2021-09-20

BDU:2021-04641

Уязвимость функции call() компонента src/parser.c анализатора потока управления для исходных файлов C Cflow, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

References:

CVE-2020-23856

Published: 2019-09-09
Modified: 2024-11-21

CVE-2019-16165

GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2019-09-09
Modified: 2024-11-21

CVE-2019-16166

GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2021-05-18
Modified: 2024-11-21

CVE-2020-23856

Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Package graphviz updated to version 3.0.0-alt1 for branch sisyphus_riscv64.

Published: 2022-01-20
Modified: 2023-11-21

BDU:2022-00340

Уязвимость Инструментов Визуализации Графа приложения для визуализации графов Graphviz, связанная с недостатком механизма проверки размера копируемых данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

References:

CVE-2020-18032

Published: 2021-04-29
Modified: 2024-11-21

CVE-2020-18032

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Package openssl1.1 updated to version 1.1.1n-alt2 for branch sisyphus_riscv64.

openssl engine pkcs11 не работает в версии 1.1.1n

Package djvu updated to version 3.5.28-alt2 for branch sisyphus_riscv64.

"any2djvu -q" returns wrong status code

Version: 2.1.2

Branch sisyphus_riscv64 update on 2022-04-04

ALT-BU-2022-4480-1

ALT-PU-2022-4476-1

Closed vulnerabilities

BDU:2021-04641

CVE-2019-16165

CVE-2019-16166

CVE-2020-23856

ALT-PU-2022-4477-1

Closed vulnerabilities

BDU:2022-00340

CVE-2020-18032

ALT-PU-2022-4478-1

Closed bugs

Bug #42274

ALT-PU-2022-4479-1

Closed bugs

Bug #16141