ALT Linux Team

Branch sisyphus_riscv64 update on 2022-11-05

2022-11-05

ALT-BU-2022-6925-1

Branch sisyphus_riscv64 update bulletin.

ALT-PU-2022-6923-1

Package LibreSSL updated to version 3.6.1-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2023-04-12
Modified: 2025-02-10

CVE-2022-48437

An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References:

ALT-PU-2022-6924-1

Package libpixman updated to version 0.42.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2022-11-03

BDU:2022-06667

Уязвимость функции rasterize_edges_8 библиотеки Pixman, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-11-03
Modified: 2024-11-21

CVE-2022-44638

In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top