ALT Linux Team

Branch sisyphus update on 2023-02-26

2023-02-26

ALT-BU-2023-2708-1

Branch sisyphus update bulletin.

ALT-PU-2023-1343-1

Package fdkaac updated to version 1.0.5-alt1 for branch sisyphus in task 315749.

Closed vulnerabilities

Published: 2022-08-17
Modified: 2024-11-21

CVE-2022-37781

fdkaac v1.0.3 was discovered to contain a heap buffer overflow via __interceptor_memcpy.part.46 at /sanitizer_common/sanitizer_common_interceptors.inc.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-06-14
Modified: 2025-01-03

CVE-2023-34823

fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2023-06-14
Modified: 2025-01-03

CVE-2023-34824

fdkaac before 1.0.5 was discovered to contain a heap buffer overflow in caf_info function in caf_reader.c.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:

ALT-PU-2023-1344-1

Package kernel-image-un-def updated to version 6.1.14-alt1 for branch sisyphus in task 315787.

Closed vulnerabilities

Published: 2023-02-21

BDU:2023-02532

Уязвимость функции _copy_from_user() в модуле lib/usercopy.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2023-05-25
Modified: 2024-11-21

CVE-2023-0459

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2023-1345-1

Package sddm-sugar-light-theme updated to version 1.0-alt1.2 for branch sisyphus in task 315756.

Closed bugs

Bug #45177

Виртуальная клавиатура закрывает обзор темы в sddm-sugar-light-theme

ALT-PU-2023-1346-1

Package kernel-image-std-def updated to version 5.15.96-alt1 for branch sisyphus in task 315791.

Closed vulnerabilities

Published: 2023-02-21

BDU:2023-02532

Уязвимость функции _copy_from_user() в модуле lib/usercopy.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2023-05-25
Modified: 2024-11-21

CVE-2023-0459

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2023-1348-1

Package jitsi-videobridge updated to version 2.1-alt0.8 for branch sisyphus in task 315846.

Closed bugs

Bug #45385

Не стартует сервис jitsi-videobridge

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top