ALT-BU-2023-2596-1
Branch sisyphus update bulletin.
Closed bugs
Could not open libsqlite3.so
Closed bugs
Поменять значок меню через gsettings
Closed vulnerabilities
Modified: 2025-03-19
CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
- https://access.redhat.com/security/cve/CVE-2023-0361
- https://access.redhat.com/security/cve/CVE-2023-0361
- https://github.com/tlsfuzzer/tlsfuzzer/pull/679
- https://github.com/tlsfuzzer/tlsfuzzer/pull/679
- https://gitlab.com/gnutls/gnutls/-/issues/1050
- https://gitlab.com/gnutls/gnutls/-/issues/1050
- [debian-lts-announce] 20230218 [SECURITY] [DLA 3321-1] gnutls28 security update
- [debian-lts-announce] 20230218 [SECURITY] [DLA 3321-1] gnutls28 security update
- FEDORA-2023-1c4a6a47ae
- FEDORA-2023-1c4a6a47ae
- FEDORA-2023-4fc4c33f2b
- FEDORA-2023-4fc4c33f2b
- FEDORA-2023-5b378b82b3
- FEDORA-2023-5b378b82b3
- https://security.netapp.com/advisory/ntap-20230324-0005/
- https://security.netapp.com/advisory/ntap-20230324-0005/
- https://security.netapp.com/advisory/ntap-20230725-0005/
- https://security.netapp.com/advisory/ntap-20230725-0005/
Package python3-module-seaborn updated to version 0.12.2-alt1 for branch sisyphus in task 314843.
Closed bugs
Собрать без python3-module-pytest-runner
Package kernel-image-std-kvm updated to version 5.10.168-alt1 for branch sisyphus in task 315377.
Closed vulnerabilities
BDU:2023-01205
Уязвимость функции rds_rm_zerocopy_callback() в модуле net/rds/message.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-1078
A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.
- [oss-security] 20231105 CVE-2023-1078: Linux: rds_rm_zerocopy_callback() bugs
- [oss-security] 20231105 CVE-2023-1078: Linux: rds_rm_zerocopy_callback() bugs
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f753a68980cf4b59a80fe677619da2b1804f526d
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f753a68980cf4b59a80fe677619da2b1804f526d
- [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update
- [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- https://security.netapp.com/advisory/ntap-20230505-0004/
- https://security.netapp.com/advisory/ntap-20230505-0004/