ALT-BU-2023-3290-1
Branch sisyphus_mipsel update bulletin.
Package cabextract updated to version 1.11-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2019-01362
Уязвимость библиотеки Libmspack и утилиты разархивации CAB-файлов СabExtract, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2018-18584
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
- RHSA-2019:2049
- RHSA-2019:2049
- https://bugs.debian.org/911640
- https://bugs.debian.org/911640
- https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2
- https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2
- [debian-lts-announce] 20181026 [SECURITY] [DLA 1555-1] libmspack security update
- [debian-lts-announce] 20181026 [SECURITY] [DLA 1555-1] libmspack security update
- GLSA-201903-20
- GLSA-201903-20
- USN-3814-1
- USN-3814-1
- USN-3814-2
- USN-3814-2
- USN-3814-3
- USN-3814-3
- https://www.cabextract.org.uk/#changes
- https://www.cabextract.org.uk/#changes
- https://www.openwall.com/lists/oss-security/2018/10/22/1
- https://www.openwall.com/lists/oss-security/2018/10/22/1
- https://www.starwindsoftware.com/security/sw-20181213-0001/
- https://www.starwindsoftware.com/security/sw-20181213-0001/
Package python3-module-Cython updated to version 0.29.34-alt1 for branch sisyphus_mipsel.
Closed bugs
Provide PEP503-normalized name
Package python3-module-snowballstemmer updated to version 2.2.0-alt1 for branch sisyphus_mipsel.
Closed bugs
snowballstemmer: new version
Package scribus updated to version 1.5.8-alt2 for branch sisyphus_mipsel.
Closed bugs
FTBFS нужен для обновления python3
Package libxml2 updated to version 2.10.4-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2023-03298
Уязвимость функции xmlSchemaFixupComplexType (xmlschemas.c) библиотеки Libxml2, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-03302
Уязвимость функции xmlDictComputeFastKey (dict.c) библиотеки Libxml2, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-28484
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/491
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
- [debian-lts-announce] 20230430 [SECURITY] [DLA 3405-1] libxml2 security update
- https://security.netapp.com/advisory/ntap-20230601-0006/
- https://security.netapp.com/advisory/ntap-20240201-0005/
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/491
- https://security.netapp.com/advisory/ntap-20240201-0005/
- https://security.netapp.com/advisory/ntap-20230601-0006/
- [debian-lts-announce] 20230430 [SECURITY] [DLA 3405-1] libxml2 security update
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
Modified: 2025-02-05
CVE-2023-29469
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
- [debian-lts-announce] 20230430 [SECURITY] [DLA 3405-1] libxml2 security update
- https://security.netapp.com/advisory/ntap-20230601-0006/
- https://security.netapp.com/advisory/ntap-20230601-0006/
- [debian-lts-announce] 20230430 [SECURITY] [DLA 3405-1] libxml2 security update
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/510