ALT-BU-2022-6884-1
Branch p10_e2k update bulletin.
Package libarchive updated to version 3.6.1-alt1 for branch p10_e2k.
Closed vulnerabilities
BDU:2022-01973
Уязвимость реализации функции zipx_lzma_alone_init() библиотеки архивирования libarchive, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-26280
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-4217
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
- https://access.redhat.com/security/cve/CVE-2021-4217
- https://access.redhat.com/security/cve/CVE-2021-4217
- https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
- https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
- https://bugzilla.redhat.com/show_bug.cgi?id=2044583
- https://bugzilla.redhat.com/show_bug.cgi?id=2044583
Closed vulnerabilities
BDU:2022-06445
Уязвимость криптографической хэш-функции SHA-3 программного пакета eXtended Keccak Code Package (XKCP), позволяющая нарушителю выполнить произвольный код
BDU:2022-07409
Уязвимость функции imageloadfont() интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
Modified: 2024-11-21
CVE-2022-37454
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
- https://csrc.nist.gov/projects/hash-functions/sha-3-project
- https://eprint.iacr.org/2023/331
- https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
- https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html
- https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
- https://mouha.be/sha-3-buffer-overflow/
- https://news.ycombinator.com/item?id=33281106
- https://news.ycombinator.com/item?id=35050307
- https://security.gentoo.org/glsa/202305-02
- https://www.debian.org/security/2022/dsa-5267
- https://www.debian.org/security/2022/dsa-5269
- https://csrc.nist.gov/projects/hash-functions/sha-3-project
- https://www.debian.org/security/2022/dsa-5269
- https://security.netapp.com/advisory/ntap-20230203-0001/
- https://www.debian.org/security/2022/dsa-5267
- https://security.gentoo.org/glsa/202305-02
- https://news.ycombinator.com/item?id=35050307
- https://news.ycombinator.com/item?id=33281106
- https://mouha.be/sha-3-buffer-overflow/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
- https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html
- https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html
- https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
- https://eprint.iacr.org/2023/331
Closed vulnerabilities
BDU:2022-06445
Уязвимость криптографической хэш-функции SHA-3 программного пакета eXtended Keccak Code Package (XKCP), позволяющая нарушителю выполнить произвольный код
BDU:2022-07409
Уязвимость функции imageloadfont() интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
Modified: 2024-11-21
CVE-2022-37454
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
- https://csrc.nist.gov/projects/hash-functions/sha-3-project
- https://eprint.iacr.org/2023/331
- https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
- https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html
- https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
- https://mouha.be/sha-3-buffer-overflow/
- https://news.ycombinator.com/item?id=33281106
- https://news.ycombinator.com/item?id=35050307
- https://security.gentoo.org/glsa/202305-02
- https://www.debian.org/security/2022/dsa-5267
- https://www.debian.org/security/2022/dsa-5269
- https://csrc.nist.gov/projects/hash-functions/sha-3-project
- https://www.debian.org/security/2022/dsa-5269
- https://security.netapp.com/advisory/ntap-20230203-0001/
- https://www.debian.org/security/2022/dsa-5267
- https://security.gentoo.org/glsa/202305-02
- https://news.ycombinator.com/item?id=35050307
- https://news.ycombinator.com/item?id=33281106
- https://mouha.be/sha-3-buffer-overflow/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
- https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html
- https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html
- https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
- https://eprint.iacr.org/2023/331
Package yandex-disk-indicator updated to version 1.11.0-alt2.git561c25c for branch p10_e2k.
Closed bugs
epm play yandex-disk: запуск сервиса Индиктор Yandex.Disk не удался