ALT-BU-2023-2439-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2023-01258
Уязвимость функции ares_set_sortlist библиотеки асинхронных DNS-запросов c-ares, позволяющая нарушителю вызвать отказ в обслуживании или оказать ограниченное влияния на конфиденциальность и целостность
Modified: 2024-11-21
CVE-2022-4904
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
- https://bugzilla.redhat.com/show_bug.cgi?id=2168631
- https://github.com/c-ares/c-ares/issues/496
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
- https://security.gentoo.org/glsa/202401-02
- https://bugzilla.redhat.com/show_bug.cgi?id=2168631
- https://github.com/c-ares/c-ares/issues/496
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
- https://security.gentoo.org/glsa/202401-02
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-0645
An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159