ALT-BU-2023-3030-1
Branch sisyphus_mipsel update bulletin.
Package alterator-x11 updated to version 1.98.15-alt1 for branch sisyphus_mipsel.
Closed bugs
video_scan -s drivers fails with an error
Package python3-module-poetry-core updated to version 1.5.2-alt1 for branch sisyphus_mipsel.
Closed bugs
poetry-core: new version
Package libmicrohttpd updated to version 0.9.76-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-27371
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
- https://git.gnunet.org/libmicrohttpd.git/commit/?id=6d6846e20bfdf4b3eb1b592c97520a532f724238
- https://github.com/0xhebi/CVEs/tree/main/GNU%20Libmicrohttpd
- [debian-lts-announce] 20230330 [SECURITY] [DLA 3374-1] libmicrohttpd security update
- https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html
Package faad updated to version 2.10.1-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2022-01663
Vulnerability in the ftypin function of the mp4read.c component of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder, allowing an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
BDU:2022-01666
Vulnerability in the sbr_qmf_analysis_32 function of the sbr_qmf.c component of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder, allowing an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
BDU:2022-01667
Vulnerability in the lt_prediction function of the lt_predict.c component of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder, allowing an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
BDU:2022-01813
Vulnerability in the get_sample() function of the output.c component of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder, allowing an attacker to cause a denial of service
BDU:2022-01814
Vulnerability in the sbr_qmf_synthesis_64 function of the sbr_qmf.c component of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder, allowing an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
Modified: 2024-11-21
CVE-2021-32273
An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause code execution.
Modified: 2024-11-21
CVE-2021-32274
An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code execution.
Modified: 2024-11-21
CVE-2021-32276
An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service.
Modified: 2024-11-21
CVE-2021-32277
An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code execution.
Modified: 2024-11-21
CVE-2021-32278
An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code execution.
Package libsixel updated to version 1.10.3-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-11721
load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service.
Modified: 2024-11-21
CVE-2020-19668
Unverified indexes into the array lead to out-of-bounds access in the gif_out_code function in fromgif.c in libsixel 1.8.6.
Modified: 2024-11-21
CVE-2021-40656
libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867.
Package glmark2 updated to version 2021.12-alt3 for branch sisyphus_mipsel.
Closed bugs
Add a dependency on libGLES to the glmark2-es2 package