Branch sisyphus update bulletin.

Package libarchive updated to version 3.6.0-alt2 for branch sisyphus in task 309029.

Published: 2022-02-25

BDU:2022-01973

Уязвимость реализации функции zipx_lzma_alone_init() библиотеки архивирования libarchive, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity: CRITICAL (9.4) Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C

References:

CVE-2022-26280

Published: 2022-03-28
Modified: 2024-11-21

CVE-2022-26280

Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

References:

Package libarchive updated to version 3.6.1-alt1 for branch sisyphus in task 309072.

Published: 2022-02-25

BDU:2022-01973

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity: CRITICAL (9.4) Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C

References:

CVE-2022-26280

Published: 2022-03-28
Modified: 2024-11-21

CVE-2022-26280

Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

References:

Package erlang updated to version 25.1.1-alt1 for branch sisyphus in task 308885.

Published: 2022-09-21
Modified: 2025-05-27

CVE-2022-37026

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package samba updated to version 4.16.6-alt1 for branch sisyphus in task 309054.

Published: 2022-10-13

BDU:2022-06493

Уязвимость функций unwrap_des() и unwrap_des3() библиотеки GSSAPI пакета Heimdal программы сетевого взаимодействия Samba

Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L

Severity: MEDIUM (5.6) Vector: AV:N/AC:H/Au:S/C:N/I:C/A:P

References:

CVE-2022-3437

Published: 2023-01-12
Modified: 2024-11-21

CVE-2022-3437

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.2

Branch sisyphus update on 2022-10-28

ALT-BU-2022-6800-1

ALT-PU-2022-2939-1

Closed vulnerabilities

BDU:2022-01973

CVE-2022-26280

ALT-PU-2022-2940-1

Closed vulnerabilities

BDU:2022-01973

CVE-2022-26280

ALT-PU-2022-2944-1

Closed vulnerabilities

CVE-2022-37026

ALT-PU-2022-2946-1

Closed vulnerabilities

BDU:2022-06493

CVE-2022-3437