ALT-BU-2023-3038-1
Branch sisyphus_riscv64 update bulletin.
Package alterator-x11 updated to version 1.98.15-alt1 for branch sisyphus_riscv64.
Closed bugs
video_scan -s drivers fails with an error
Package python3-module-poetry-core updated to version 1.5.2-alt1 for branch sisyphus_riscv64.
Closed bugs
poetry-core: new version
Package libmicrohttpd updated to version 0.9.76-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-27371
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
- https://git.gnunet.org/libmicrohttpd.git/commit/?id=6d6846e20bfdf4b3eb1b592c97520a532f724238
- https://github.com/0xhebi/CVEs/tree/main/GNU%20Libmicrohttpd
- [debian-lts-announce] 20230330 [SECURITY] [DLA 3374-1] libmicrohttpd security update
- https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html
Package faad updated to version 2.10.1-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2022-01663
Vulnerability in the ftypin function of the mp4read.c component of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
BDU:2022-01666
Vulnerability in the sbr_qmf_analysis_32 function of the sbr_qmf.c component of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
BDU:2022-01667
Vulnerability in the lt_prediction function of the lt_predict.c component of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
BDU:2022-01813
Vulnerability in the get_sample() function of the output.c component of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder that allows an attacker to cause a denial of service
BDU:2022-01814
Vulnerability in the sbr_qmf_synthesis_64 function of the sbr_qmf.c component of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Modified: 2024-11-21
CVE-2021-32273
An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution.
Modified: 2024-11-21
CVE-2021-32274
An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution.
Modified: 2024-11-21
CVE-2021-32276
An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service.
Modified: 2024-11-21
CVE-2021-32277
An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution.
Modified: 2024-11-21
CVE-2021-32278
An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution.
Package xorg-server updated to version 21.1.8-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2023-02146
Vulnerability in the X.Org Server software package related to use of memory after it has been freed (use-after-free) that allows an attacker to escalate privileges
Modified: 2025-02-14
CVE-2023-1393
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110
- FEDORA-2023-b7835960ac
- FEDORA-2023-eb3c27ff25
- FEDORA-2023-66d5af0278
- FEDORA-2023-fe18ae3e85
- FEDORA-2023-239bae4b57
- FEDORA-2023-f754e7abfd
- FEDORA-2023-b87fd3a628
- FEDORA-2023-6f3f9ee721
- GLSA-202305-30
- https://www.openwall.com/lists/oss-security/2023/03/29/1
Package glmark2 updated to version 2021.12-alt3 for branch sisyphus_riscv64.
Closed bugs
Add a dependency on libGLES to the glmark2-es2 package
Package libtool_2.4 updated to version 2.4.7-alt2 for branch sisyphus_riscv64.
Closed bugs
libtool_2.4: support for the LoongArch architecture