ALT-BU-2022-6819-1
Branch sisyphus_riscv64 update bulletin.
Package openslp updated to version 2.0.0-alt3 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-4217
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
- https://access.redhat.com/security/cve/CVE-2021-4217
- https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
- https://bugzilla.redhat.com/show_bug.cgi?id=2044583
- https://access.redhat.com/security/cve/CVE-2021-4217
- https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
- https://bugzilla.redhat.com/show_bug.cgi?id=2044583
Package libarchive updated to version 3.6.1-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2022-01973
Уязвимость реализации функции zipx_lzma_alone_init() библиотеки архивирования libarchive, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-26280
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
- https://github.com/libarchive/libarchive/issues/1672
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SBYGJICQ7FKDZ2IIOAH423IHWQ6MNONQ/
- https://security.gentoo.org/glsa/202208-26
- https://github.com/libarchive/libarchive/issues/1672
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SBYGJICQ7FKDZ2IIOAH423IHWQ6MNONQ/
- https://security.gentoo.org/glsa/202208-26
Package samba updated to version 4.16.6-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2022-06493
Уязвимость функций unwrap_des() и unwrap_des3() библиотеки GSSAPI пакета Heimdal программы сетевого взаимодействия Samba
Modified: 2024-11-21
CVE-2022-3437
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
- http://www.openwall.com/lists/oss-security/2023/02/08/1
- https://access.redhat.com/security/cve/CVE-2022-3437
- https://bugzilla.redhat.com/show_bug.cgi?id=2137774
- https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
- https://security.gentoo.org/glsa/202309-06
- https://security.gentoo.org/glsa/202310-06
- https://security.netapp.com/advisory/ntap-20230216-0008/
- https://www.samba.org/samba/security/CVE-2022-3437.html
- http://www.openwall.com/lists/oss-security/2023/02/08/1
- https://access.redhat.com/security/cve/CVE-2022-3437
- https://bugzilla.redhat.com/show_bug.cgi?id=2137774
- https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
- https://security.gentoo.org/glsa/202309-06
- https://security.gentoo.org/glsa/202310-06
- https://security.netapp.com/advisory/ntap-20230216-0008/
- https://www.samba.org/samba/security/CVE-2022-3437.html