ALT-BU-2022-4799-1
Branch sisyphus_riscv64 update bulletin.
Package glmark2 updated to version 2021.12-alt1 for branch sisyphus_riscv64.
Closed bugs
glmark2-*-wayland: падает в wayland окружениях, основанных на wlroots
Package python3-module-PyPDF2 updated to version 1.27.9-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2023-02632
Уязвимость функции ContentStream._readInlineImage библиотеки для обработки PDF PyPDF2, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-24859
PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content stream. The reason is that the last while-loop in `ContentStream._readInlineImage` only terminates when it finds the `EI` token, but never actually checks if the stream has already ended. This issue has been resolved in version `1.27.5`. Users unable to upgrade should validate and PDFs prior to iterating over their content stream.
- https://github.com/py-pdf/PyPDF2/issues/329
- https://github.com/py-pdf/PyPDF2/issues/329
- https://github.com/py-pdf/PyPDF2/pull/740
- https://github.com/py-pdf/PyPDF2/pull/740
- https://github.com/py-pdf/PyPDF2/releases/tag/1.27.5
- https://github.com/py-pdf/PyPDF2/releases/tag/1.27.5
- https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
- https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
- [debian-lts-announce] 20220603 [SECURITY] [DLA 3039-1] pypdf2 security update
- [debian-lts-announce] 20220603 [SECURITY] [DLA 3039-1] pypdf2 security update
- [debian-lts-announce] 20230609 [SECURITY] [DLA 3451-1] pypdf2 security update
- [debian-lts-announce] 20230609 [SECURITY] [DLA 3451-1] pypdf2 security update
Package freerdp updated to version 2.7.0-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2022-04713
Уязвимость реализации протокола NTLM RDP-клиента FreeRDP, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2022-06851
Уязвимость RDP-сервера FreeRDP, связанная с недостатками процедуры аутентификации, позволяющая нарушителю обойти процесс аутентификации
Modified: 2024-11-21
CVE-2022-24882
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.
- https://github.com/FreeRDP/FreeRDP/pull/7750
- https://github.com/FreeRDP/FreeRDP/pull/7750
- https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0
- https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh
- https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95
- https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95
- FEDORA-2022-dc48a89918
- FEDORA-2022-dc48a89918
- FEDORA-2022-a3e03a200b
- FEDORA-2022-a3e03a200b
- FEDORA-2022-b0a47f8060
- FEDORA-2022-b0a47f8060
- GLSA-202210-24
- GLSA-202210-24
Modified: 2024-11-21
CVE-2022-24883
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.
- https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc
- https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc
- https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144
- https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144
- https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0
- https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf
- [debian-lts-announce] 20231117 [SECURITY] [DLA 3654-1] freerdp2 security update
- [debian-lts-announce] 20231117 [SECURITY] [DLA 3654-1] freerdp2 security update
- FEDORA-2022-dc48a89918
- FEDORA-2022-dc48a89918
- FEDORA-2022-a3e03a200b
- FEDORA-2022-a3e03a200b
- FEDORA-2022-b0a47f8060
- FEDORA-2022-b0a47f8060
- GLSA-202210-24
- GLSA-202210-24
Package eepm updated to version 3.18.6-alt1 for branch sisyphus_riscv64.
Closed bugs
epm play mssql-server: find-requires: ERROR: /usr/lib/rpm/lib.req failed
eepm play --short: отображение компонентов, отсутствующих в eepm play --list-all