ALT-BU-2023-2650-2
Branch sisyphus update bulletin.
Package python3-module-dropbox updated to version 11.36.0-alt1 for branch sisyphus in task 315180.
Closed bugs
Собрать без python3-module-pytest-runner
Package pcsc-lite-ccid updated to version 1.5.2-alt1 for branch sisyphus in task 315492.
Closed bugs
картридер не видит смарт-карту
Package python3-module-numdifftools updated to version 0.9.41-alt1 for branch sisyphus in task 314935.
Closed bugs
Собрать без python3-module-pytest-runner
Package plasma5-workspace updated to version 5.26.5-alt7 for branch sisyphus in task 315519.
Closed bugs
Нет locale-gen
Package alterator-auth updated to version 0.44.0-alt1 for branch sisyphus in task 315515.
Closed bugs
При вводе клиента в домен FreeIPA через альтератор показывается ненужный чекбокс про групповые политики
Package plasma5-workspace updated to version 5.26.5-alt8 for branch sisyphus in task 315533.
Closed bugs
Нет locale-gen
Package kernel-image-rt updated to version 5.10.168-alt1.rt83 for branch sisyphus in task 315480.
Closed vulnerabilities
Modified: 2025-01-29
BDU:2023-01205
Уязвимость функции rds_rm_zerocopy_callback() в модуле net/rds/message.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-05-05
CVE-2023-1078
A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.
- http://www.openwall.com/lists/oss-security/2023/11/05/1
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f753a68980cf4b59a80fe677619da2b1804f526d
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://security.netapp.com/advisory/ntap-20230505-0004/
- http://www.openwall.com/lists/oss-security/2023/11/05/1
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f753a68980cf4b59a80fe677619da2b1804f526d
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://security.netapp.com/advisory/ntap-20230505-0004/
Closed vulnerabilities
Modified: 2024-04-17
BDU:2023-01753
Уязвимость веб-браузера Epiphany, связанная с недостатками контроля доступа, позволяющая нарушителю раскрыть защищаемую информацию
Modified: 2025-03-18
CVE-2023-26081
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
- https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
- https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275
- https://lists.debian.org/debian-lts-announce/2023/05/msg00015.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/
- https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
- https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275
- https://lists.debian.org/debian-lts-announce/2023/05/msg00015.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/
Package python3-module-scipy updated to version 1.10.0-alt1 for branch sisyphus in task 314986.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-25399
A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.
- http://www.square16.org/achievement/cve-2023-25399/
- https://github.com/scipy/scipy/issues/16235
- https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328
- https://github.com/scipy/scipy/pull/16397
- http://www.square16.org/achievement/cve-2023-25399/
- https://github.com/scipy/scipy/issues/16235
- https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328
- https://github.com/scipy/scipy/pull/16397
Modified: 2024-11-21
CVE-2023-29824
A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.
- http://www.square16.org/achievement/cve-2023-29824/
- https://github.com/scipy/scipy/issues/14713
- https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565
- https://github.com/scipy/scipy/pull/15013
- http://www.square16.org/achievement/cve-2023-29824/
- https://github.com/scipy/scipy/issues/14713
- https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565
- https://github.com/scipy/scipy/pull/15013