Branch sisyphus_mipsel update bulletin.

Package python3-module-celery updated to version 5.2.3-alt1 for branch sisyphus_mipsel.

Published: 2021-12-29
Modified: 2024-11-21

CVE-2021-23727

This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Package fonts-otf-philosopher updated to version 1.000-alt3 for branch sisyphus_mipsel.

fonts-otf-philosopher: устаревшие макросы %post(un)_fonts.

Package python3-module-mechanize updated to version 0.4.7-alt1 for branch sisyphus_mipsel.

Published: 2023-01-18
Modified: 2024-11-21

CVE-2021-32837

mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package libfreetype updated to version 2.12.0-alt1 for branch sisyphus_mipsel.

Published: 2022-03-19

BDU:2022-06905

Уязвимость функции FT_Request_Size библиотеки FreeType, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2022-27406

Published: 2022-03-17

BDU:2022-06908

Уязвимость функции sfnt_init_face библиотеки FreeType, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2022-27404

Published: 2022-03-18

BDU:2022-06917

Уязвимость функции FNT_Size_Request библиотеки FreeType, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2022-27405

Published: 2022-04-22
Modified: 2024-11-21

CVE-2022-27404

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2022-04-22
Modified: 2024-11-21

CVE-2022-27405

FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2022-04-22
Modified: 2024-11-21

CVE-2022-27406

FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.0

Branch sisyphus_mipsel update on 2022-04-05

ALT-BU-2022-4491-1

ALT-PU-2022-4487-1

Closed vulnerabilities

CVE-2021-23727

ALT-PU-2022-4488-1

Closed bugs

Bug #41861

ALT-PU-2022-4489-1

Closed vulnerabilities

CVE-2021-32837

ALT-PU-2022-4490-1

Closed vulnerabilities

BDU:2022-06905

BDU:2022-06908

BDU:2022-06917

CVE-2022-27404

CVE-2022-27405

CVE-2022-27406