ALT-BU-2023-4030-1
Branch sisyphus_riscv64 update bulletin.
Package rpm-build updated to version 4.0.4.189-alt1 for branch sisyphus_riscv64.
Closed bugs
/usr/lib/rpm/provided_symbols ignores symbols with
Package ruby updated to version 3.1.2-alt2.1 for branch sisyphus_riscv64.
Closed bugs
ruby: сборочная зависимость от самой себя
Package sysstat updated to version 12.7.4-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2025-01-22
CVE-2023-33204
sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.
- https://github.com/sysstat/sysstat/pull/360
- https://github.com/sysstat/sysstat/pull/360
- [debian-lts-announce] 20230527 [SECURITY] [DLA 3434-1] sysstat security update
- [debian-lts-announce] 20230527 [SECURITY] [DLA 3434-1] sysstat security update
- FEDORA-2023-4706cef256
- FEDORA-2023-4706cef256
- FEDORA-2023-ac947ec260
- FEDORA-2023-ac947ec260
Package php8.1 updated to version 8.1.20-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-3247
In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.