ALT-BU-2023-3715-1
Branch sisyphus_mipsel update bulletin.
Package gpupdate updated to version 0.9.12.5-alt1 for branch sisyphus_mipsel.
Closed bugs
Неправильно формируется значение для политики DiskCacheSize для Yandex
Package rpm-build-lua updated to version 0.4-alt1 for branch sisyphus_mipsel.
Closed bugs
Игнорировать дублирующиеся provides, которые начинаются с точки для сборки lua модулей
Требование на свой же so файл при сборке lua модулей
Package libtpms updated to version 0.9.6-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2023-01029
Уязвимость функции CryptParameterDecryption микропрограммного обеспечения криптопроцессора Trusted Platform Module (TPM), позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2023-01188
Уязвимость функции CryptParameterDecryption микропрограммного обеспечения криптопроцессора Trusted Platform Module (TPM), позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Modified: 2024-11-21
CVE-2023-1017
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.
Modified: 2025-03-07
CVE-2023-1018
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
Package etcd updated to version 3.5.9-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-32082
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds.
- https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.4.md
- https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.5.md
- https://github.com/etcd-io/etcd/pull/15656
- https://github.com/etcd-io/etcd/security/advisories/GHSA-3p4g-rcw5-8298
- https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.4.md
- https://github.com/etcd-io/etcd/security/advisories/GHSA-3p4g-rcw5-8298
- https://github.com/etcd-io/etcd/pull/15656
- https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.5.md
Package python3-module-django updated to version 3.2.19-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
Modified: 2025-01-29
CVE-2023-31047
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
- https://docs.djangoproject.com/en/4.2/releases/security/
- https://docs.djangoproject.com/en/4.2/releases/security/
- https://groups.google.com/forum/#%21forum/django-announce
- https://groups.google.com/forum/#%21forum/django-announce
- FEDORA-2023-0d20d09f2d
- FEDORA-2023-0d20d09f2d
- FEDORA-2023-8f9d949dbc
- FEDORA-2023-8f9d949dbc
- https://security.netapp.com/advisory/ntap-20230609-0008/
- https://security.netapp.com/advisory/ntap-20230609-0008/
- https://www.djangoproject.com/weblog/2023/may/03/security-releases/
- https://www.djangoproject.com/weblog/2023/may/03/security-releases/