ALT-BU-2022-5958-1
Branch sisyphus_e2k update bulletin.
Package flatpak-repo-flathub updated to version 1.1-alt1 for branch sisyphus_e2k.
Closed bugs
broken
Package fribidi updated to version 1.0.12-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2022-02658
Уязвимость функции fribidi_remove_bidi_marks() библиотеки GNU FriBidi, позволяющая нарушителю выполнить произвольный код
BDU:2022-02659
Уязвимость библиотеки GNU FriBidi, вызванная переполнением буфера на стеке, позволяющая нарушителю выполнить произвольный код
BDU:2022-02660
Уязвимость функции fribidi_cap_rtl_to_unicode библиотеки GNU FriBidi, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2022-25308
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.
- https://access.redhat.com/security/cve/CVE-2022-25308
- https://access.redhat.com/security/cve/CVE-2022-25308
- https://bugzilla.redhat.com/show_bug.cgi?id=2047890
- https://bugzilla.redhat.com/show_bug.cgi?id=2047890
- https://github.com/fribidi/fribidi/issues/181
- https://github.com/fribidi/fribidi/issues/181
- https://github.com/fribidi/fribidi/pull/184
- https://github.com/fribidi/fribidi/pull/184
Modified: 2024-11-21
CVE-2022-25309
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.
- https://access.redhat.com/security/cve/CVE-2022-25309
- https://access.redhat.com/security/cve/CVE-2022-25309
- https://bugzilla.redhat.com/show_bug.cgi?id=2047896
- https://bugzilla.redhat.com/show_bug.cgi?id=2047896
- https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3
- https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3
- https://github.com/fribidi/fribidi/issues/182
- https://github.com/fribidi/fribidi/issues/182
Modified: 2024-11-21
CVE-2022-25310
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.
- https://access.redhat.com/security/cve/CVE-2022-25310
- https://access.redhat.com/security/cve/CVE-2022-25310
- https://bugzilla.redhat.com/show_bug.cgi?id=2047923
- https://bugzilla.redhat.com/show_bug.cgi?id=2047923
- https://github.com/fribidi/fribidi/issues/183
- https://github.com/fribidi/fribidi/issues/183
- https://github.com/fribidi/fribidi/pull/186
- https://github.com/fribidi/fribidi/pull/186
Package freeradius updated to version 3.2.0-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.
Modified: 2024-11-21
CVE-2022-41861
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
Package radeon-profile updated to version 20200824-alt4 for branch sisyphus_e2k.
Closed bugs
Не корректный размер окна в radeon-profile