ALT-BU-2023-4207-1
Branch p10_e2k update bulletin.
Closed bugs
freerdp: new version
Does not authenticate via PAM
Closed bugs
Browsing snapshot files does not work
Only the root user is shown on the "Users" tab
Closed vulnerabilities
BDU:2023-03348
Vulnerability in the decode_main_header() function (libavformat/nutdec.c) of the FFmpeg multimedia library that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2022-3109
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks a check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=2153551
- https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568
- [debian-lts-announce] 20230613 [SECURITY] [DLA 3454-1] ffmpeg security update
- FEDORA-2023-1e24db98a6
- DSA-5394
Modified: 2024-11-21
CVE-2022-3341
A null pointer dereference issue was discovered in FFmpeg in the decode_main_header() function of the libavformat/nutdec.c file. The flaw occurs because the function lacks a check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.
- https://bugzilla.redhat.com/show_bug.cgi?id=2157054
- https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e
- [debian-lts-announce] 20230613 [SECURITY] [DLA 3454-1] ffmpeg security update
Modified: 2024-11-21
CVE-2022-3964
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-3247
In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failure and was using a narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made it easier for a malicious server to guess the client's nonce.