ALT Linux Team

Branch sisyphus update on 2023-04-26

2023-04-26

ALT-BU-2023-3284-1

Branch sisyphus update bulletin.

ALT-PU-2023-1669-1

Package update-kernel updated to version 1.6-alt1 for branch sisyphus in task 319248.

Closed bugs

Bug #44158

Устанавливает модуль ядра, который не используется текущим ядром

ALT-PU-2023-1670-1

Package yandex-browser-stable updated to version 23.3.1.946-alt1 for branch sisyphus in task 319270.

Closed vulnerabilities

Published: 2023-04-14

BDU:2023-02114

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2023-04-14
Modified: 2025-02-19

CVE-2023-2033

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:

ALT-PU-2023-1673-1

Package scribus updated to version 1.5.8-alt2 for branch sisyphus in task 319310.

Closed bugs

Bug #44772

FTBFS нужен для обновления python3

ALT-PU-2023-1674-1

Package libxml2 updated to version 2.10.4-alt1 for branch sisyphus in task 319317.

Closed vulnerabilities

Published: 2023-04-24

BDU:2023-03298

Уязвимость функции xmlSchemaFixupComplexType (xmlschemas.c) библиотеки Libxml2, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2023-04-24

BDU:2023-03302

Уязвимость функции xmlDictComputeFastKey (dict.c) библиотеки Libxml2, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2023-04-25
Modified: 2024-11-21

CVE-2023-28484

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2023-04-25
Modified: 2025-02-05

CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top