ALT-BU-2023-2306-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-09-13
BDU:2023-02340
Уязвимость функции pkgconf_tuple_parse (libpkgconf/tuple.c) программного средства настройки флагов компилятора и компоновщика для библиотек разработки pkgconf, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-04-02
CVE-2023-24056
In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.
- https://gitea.treehouse.systems/ariadne/pkgconf/commit/628b2b2bafa5d3a2017193ddf375093e70666059
- https://github.com/pkgconf/pkgconf/tags
- https://nullprogram.com/blog/2023/01/18/
- https://gitea.treehouse.systems/ariadne/pkgconf/commit/628b2b2bafa5d3a2017193ddf375093e70666059
- https://github.com/pkgconf/pkgconf/tags
- https://nullprogram.com/blog/2023/01/18/
Closed bugs
Read /etc/cgconfig.d/* on start/stop
Closed vulnerabilities
Modified: 2025-03-19
BDU:2023-00210
Уязвимость функции sudoedit программы системного администрирования Sudo, позволяющая нарушителю повысить свои привилегии
Modified: 2025-04-04
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
- http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html
- http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html
- http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html
- http://seclists.org/fulldisclosure/2023/Aug/21
- http://www.openwall.com/lists/oss-security/2023/01/19/1
- https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/
- https://security.gentoo.org/glsa/202305-12
- https://security.netapp.com/advisory/ntap-20230127-0015/
- https://support.apple.com/kb/HT213758
- https://www.debian.org/security/2023/dsa-5321
- https://www.sudo.ws/security/advisories/sudoedit_any/
- https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf
- http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html
- http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html
- http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html
- http://seclists.org/fulldisclosure/2023/Aug/21
- http://www.openwall.com/lists/oss-security/2023/01/19/1
- https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/
- https://security.gentoo.org/glsa/202305-12
- https://security.netapp.com/advisory/ntap-20230127-0015/
- https://support.apple.com/kb/HT213758
- https://www.debian.org/security/2023/dsa-5321
- https://www.sudo.ws/security/advisories/sudoedit_any/
- https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf
Closed bugs
уязвимость (CVE-2023-22809)
Closed vulnerabilities
Modified: 2024-04-04
BDU:2023-02322
Уязвимость компонента BGP OPEN Message Handler программного средства реализации сетевой маршрутизации на Unix-подобных системах FRRouting связана с выходом операции за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании
Modified: 2024-04-04
BDU:2023-02672
Уязвимость функции bgp_open_option_parse() демона bgpd программного средства реализации сетевой маршрутизации на Unix-подобных системах FRRouting, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-04-04
BDU:2023-02673
Уязвимость демона bgpd программного средства реализации сетевой маршрутизации на Unix-подобных системах FRRouting, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-37032
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.
- https://bugzilla.suse.com/show_bug.cgi?id=1202023
- https://github.com/FRRouting/frr/commit/6d58272b4cf96f0daa846210dd2104877900f921
- https://github.com/FRRouting/frr/commit/ff6db1027f8f36df657ff2e5ea167773752537ed
- https://lists.debian.org/debian-lts-announce/2022/11/msg00039.html
- https://www.debian.org/security/2023/dsa-5362
- https://bugzilla.suse.com/show_bug.cgi?id=1202023
- https://github.com/FRRouting/frr/commit/6d58272b4cf96f0daa846210dd2104877900f921
- https://github.com/FRRouting/frr/commit/ff6db1027f8f36df657ff2e5ea167773752537ed
- https://lists.debian.org/debian-lts-announce/2022/11/msg00039.html
- https://www.debian.org/security/2023/dsa-5362
Modified: 2025-01-30
CVE-2022-40302
An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case.
- https://github.com/FRRouting/frr/releases
- https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html
- https://www.debian.org/security/2023/dsa-5495
- https://github.com/FRRouting/frr/releases
- https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html
- https://www.debian.org/security/2023/dsa-5495
Modified: 2024-11-21
CVE-2022-40318
An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302.
- https://github.com/FRRouting/frr/releases
- https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html
- https://www.debian.org/security/2023/dsa-5495
- https://github.com/FRRouting/frr/releases
- https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html
- https://www.debian.org/security/2023/dsa-5495
Modified: 2024-11-21
CVE-2022-43681
An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.