ALT-BU-2022-7415-1
Branch p10_e2k update bulletin.
Package xfce4-power-manager updated to version 4.16.0-alt2 for branch p10_e2k.
Closed bugs
Менеджер питания и Значок в системном лотке
Package libarchive updated to version 3.6.1-alt2 for branch p10_e2k.
Closed vulnerabilities
BDU:2022-07496
Уязвимость функции calloc() библиотеки архивирования libarchive, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-36227
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."
- https://bugs.gentoo.org/882521
- https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215
- https://github.com/libarchive/libarchive/issues/1754
- [debian-lts-announce] 20230130 [SECURITY] [DLA 3294-1] libarchive security update
- FEDORA-2022-e15be0091f
- GLSA-202309-14
- https://bugs.gentoo.org/882521
- GLSA-202309-14
- FEDORA-2022-e15be0091f
- [debian-lts-announce] 20230130 [SECURITY] [DLA 3294-1] libarchive security update
- https://github.com/libarchive/libarchive/issues/1754
- https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215
Closed vulnerabilities
BDU:2023-02688
Уязвимость функции XML_ExternalEntityParserCreate библиотеки синтаксического анализатора XML libexpat, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-43680
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
- [oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: "Use after free" fixed in libexpat
- [oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: "Use after free" fixed in libexpat
- [oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: "Use after free" fixed in libexpat
- [oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: "Use after free" fixed in libexpat
- https://github.com/libexpat/libexpat/issues/649
- https://github.com/libexpat/libexpat/issues/649
- https://github.com/libexpat/libexpat/pull/616
- https://github.com/libexpat/libexpat/pull/616
- https://github.com/libexpat/libexpat/pull/650
- https://github.com/libexpat/libexpat/pull/650
- [debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update
- [debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update
- FEDORA-2022-3cf0e7ebc7
- FEDORA-2022-3cf0e7ebc7
- FEDORA-2022-ae2559a8f4
- FEDORA-2022-ae2559a8f4
- FEDORA-2022-49db80f821
- FEDORA-2022-49db80f821
- FEDORA-2022-c43235716e
- FEDORA-2022-c43235716e
- FEDORA-2022-f3a939e960
- FEDORA-2022-f3a939e960
- FEDORA-2022-5f1e2e9016
- FEDORA-2022-5f1e2e9016
- GLSA-202210-38
- GLSA-202210-38
- https://security.netapp.com/advisory/ntap-20221118-0007/
- https://security.netapp.com/advisory/ntap-20221118-0007/
- DSA-5266
- DSA-5266