CVE-2023-33204

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Package libportmidi updated to version 2.0.4-alt1 for branch sisyphus_riscv64.

portmidi: development is moved to github, ver. 2.0.2 is out

Package qt6-tools updated to version 6.4.2-alt2 for branch sisyphus_riscv64.

qt6-tools: ошибка сборки с clang 16

Package python3 updated to version 3.11.4-alt2 for branch sisyphus_riscv64.

Published: 2022-11-09
Modified: 2024-11-21

CVE-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

python3: поддержка архитектуры LoongArch

python3: упрощение начальной (bootstrap) сборки

Version: 2.1.0

Branch sisyphus_riscv64 update on 2023-06-23

ALT-BU-2023-3956-1

ALT-PU-2023-3950-1

Closed bugs

Bug #46375

ALT-PU-2023-3951-1

Closed bugs

Bug #46429

ALT-PU-2023-3952-1

Closed vulnerabilities

CVE-2023-33204

ALT-PU-2023-3953-1

Closed bugs

Bug #41760

ALT-PU-2023-3954-1

Closed bugs

Bug #46478

ALT-PU-2023-3955-1

Closed vulnerabilities

CVE-2022-45061

Closed bugs

Bug #46170

Bug #46171