CVE-2021-43045

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package ansible-core updated to version 2.14.3-alt3 for branch sisyphus_mipsel.

Требует resolvelib версии меньшей, чем в репозитории

Ошибка запуска ansible-test (модуль удалён, но бинарник всё ещё упакован)

Package strongswan updated to version 5.9.10-alt1 for branch sisyphus_mipsel.

Published: 2023-03-03

BDU:2023-02129

Уязвимость демона strongSwan, связанная с ошибками при проверке сертификата в методах EAP на основе TLS, позволяющая нарушителю выполнить отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2023-26463

Published: 2023-04-15
Modified: 2025-02-08

CVE-2023-26463

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.0

Branch sisyphus_mipsel update on 2023-03-06

ALT-BU-2023-2776-1

ALT-PU-2023-2772-1

Closed bugs

Bug #45435

ALT-PU-2023-2773-1

Closed vulnerabilities

CVE-2021-43045

ALT-PU-2023-2774-1

Closed bugs

Bug #44728

Bug #45456

ALT-PU-2023-2775-1

Closed vulnerabilities

BDU:2023-02129

CVE-2023-26463