ALT-BU-2022-4670-1
Branch sisyphus_riscv64 update bulletin.
Package branding-simply-linux updated to version 10.0.900-alt2 for branch sisyphus_riscv64.
Closed bugs
The QR code link to the YouTube channel is incorrect
Package vim updated to version 8.2.4784-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2022-03269
Vulnerability in the implementation of the skip_range() function of the Vim text editor, allowing an attacker to execute arbitrary code or cause a denial of service
BDU:2022-03270
Vulnerability in the Vim text editor related to a pointer offset beyond the bounds of allocated memory, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2022-1381
Global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possible remote execution.
- http://seclists.org/fulldisclosure/2022/Oct/28
- http://seclists.org/fulldisclosure/2022/Oct/41
- https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47
- https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/
- https://security.gentoo.org/glsa/202208-32
- https://security.gentoo.org/glsa/202305-16
- https://support.apple.com/kb/HT213488
Modified: 2024-11-21
CVE-2022-1420
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
- http://seclists.org/fulldisclosure/2022/Oct/28
- http://seclists.org/fulldisclosure/2022/Oct/41
- https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca
- https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/
- https://security.gentoo.org/glsa/202208-32
- https://security.gentoo.org/glsa/202305-16
- https://support.apple.com/kb/HT213488
Package system-config-printer updated to version 1.5.16-alt3 for branch sisyphus_riscv64.
Closed bugs
The "Start service" button does not work
Package alterator-ldap-users updated to version 0.8.6-alt2 for branch sisyphus_riscv64.
Closed bugs
A domain user created with alterator-ldap / netcmdplus cannot log in
The photo is not added when creating a user
Package eepm updated to version 3.18.2-alt1 for branch sisyphus_riscv64.
Closed bugs
vivaldi fails to install
Package branding-alt-workstation updated to version 10.1-alt1 for branch sisyphus_riscv64.
Closed bugs
When focus is lost, the selected user is not highlighted in the list
Package fribidi updated to version 1.0.12-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2022-02658
Vulnerability in the fribidi_remove_bidi_marks() function of the GNU FriBidi library, allowing an attacker to execute arbitrary code
BDU:2022-02659
Vulnerability in the GNU FriBidi library caused by a stack-based buffer overflow, allowing an attacker to execute arbitrary code
BDU:2022-02660
Vulnerability in the fribidi_cap_rtl_to_unicode function of the GNU FriBidi library, allowing an attacker to execute arbitrary code
Modified: 2024-11-21
CVE-2022-25308
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.
- https://access.redhat.com/security/cve/CVE-2022-25308
- https://bugzilla.redhat.com/show_bug.cgi?id=2047890
- https://github.com/fribidi/fribidi/issues/181
- https://github.com/fribidi/fribidi/pull/184
Modified: 2024-11-21
CVE-2022-25309
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.
- https://access.redhat.com/security/cve/CVE-2022-25309
- https://bugzilla.redhat.com/show_bug.cgi?id=2047896
- https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3
- https://github.com/fribidi/fribidi/issues/182
Modified: 2024-11-21
CVE-2022-25310
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.
- https://access.redhat.com/security/cve/CVE-2022-25310
- https://bugzilla.redhat.com/show_bug.cgi?id=2047923
- https://github.com/fribidi/fribidi/issues/183
- https://github.com/fribidi/fribidi/pull/186
Package libinput updated to version 1.20.1-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2022-02695
Vulnerability in the evdev_log_msg function of the libinput library of the X.Org and Wayland display server protocol implementations, allowing an attacker to execute arbitrary code with elevated privileges
Modified: 2024-11-21
CVE-2022-1215
A format string vulnerability was found in libinput
Package librsync updated to version 2.3.2-alt2 for branch sisyphus_riscv64.
Closed bugs
rdiff: Library does not support trace.