ALT-BU-2022-6360-1
Branch sisyphus_mipsel update bulletin.
Package xfce-polkit updated to version 0.3-alt2.g820497b for branch sisyphus_mipsel.
Closed bugs
Запускать только в сеансе по xfce
Package libvirglrenderer updated to version 0.10.3-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-0135
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.
- https://bugzilla.redhat.com/show_bug.cgi?id=2037790
- https://bugzilla.redhat.com/show_bug.cgi?id=2037790
- [debian-lts-announce] 20221207 [SECURITY] [DLA 3232-1] virglrenderer security update
- [debian-lts-announce] 20221207 [SECURITY] [DLA 3232-1] virglrenderer security update
- GLSA-202210-05
- GLSA-202210-05
Modified: 2024-11-21
CVE-2022-0175
A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.
- https://access.redhat.com/security/cve/CVE-2022-0175
- https://access.redhat.com/security/cve/CVE-2022-0175
- https://bugzilla.redhat.com/show_bug.cgi?id=2039003
- https://bugzilla.redhat.com/show_bug.cgi?id=2039003
- https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c
- https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c
- https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
- https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
- GLSA-202210-05
- GLSA-202210-05
- https://security-tracker.debian.org/tracker/CVE-2022-0175
- https://security-tracker.debian.org/tracker/CVE-2022-0175
Package libxslt updated to version 1.1.37-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2022-03033
Уязвимость компонентов buf.c и tree.c библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Modified: 2024-11-21
CVE-2022-29824
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
- http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html
- http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html
- http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html
- http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd
- https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
- https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
- https://gitlab.gnome.org/GNOME/libxslt/-/tags
- https://gitlab.gnome.org/GNOME/libxslt/-/tags
- [debian-lts-announce] 20220516 [SECURITY] [DLA 3012-1] libxml2 security update
- [debian-lts-announce] 20220516 [SECURITY] [DLA 3012-1] libxml2 security update
- FEDORA-2022-9136d646e4
- FEDORA-2022-9136d646e4
- FEDORA-2022-f624aad735
- FEDORA-2022-f624aad735
- FEDORA-2022-be6d83642a
- FEDORA-2022-be6d83642a
- GLSA-202210-03
- GLSA-202210-03
- https://security.netapp.com/advisory/ntap-20220715-0006/
- https://security.netapp.com/advisory/ntap-20220715-0006/
- DSA-5142
- DSA-5142
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Package cinnamon-desktop updated to version 5.4.2-alt2 for branch sisyphus_mipsel.
Closed bugs
Неверный дефолтный путь до обоев
Package wolfssl updated to version 5.5.1-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-39173
In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.
- http://packetstormsecurity.com/files/169600/wolfSSL-Buffer-Overflow.html
- http://packetstormsecurity.com/files/169600/wolfSSL-Buffer-Overflow.html
- 20221030 wolfssl before 5.5.1: CVE-2022-39173 Buffer overflow when refining cipher suites
- 20221030 wolfssl before 5.5.1: CVE-2022-39173 Buffer overflow when refining cipher suites
- https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
- https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
- https://github.com/wolfSSL/wolfssl/releases
- https://github.com/wolfSSL/wolfssl/releases
- https://www.wolfssl.com/docs/security-vulnerabilities/
- https://www.wolfssl.com/docs/security-vulnerabilities/