Branch sisyphus update bulletin.

Package binutils updated to version 2.40-alt1 for branch sisyphus in task 324269.

Published: 2023-01-27

BDU:2023-00576

Уязвимость программного средства разработки GNU Binutils, связанная с разыменованием нулевого указателя, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании» (DoS)

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

CVE-2022-4285

Published: 2022-08-26
Modified: 2024-11-21

CVE-2022-38533

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2023-01-27
Modified: 2025-03-28

CVE-2022-4285

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Package pax-utils updated to version 1.3.7-alt3 for branch sisyphus in task 324355.

Неверный системный вызов при использовании $ pspax

Version: 2.1.0

Branch sisyphus update on 2023-07-07

ALT-BU-2023-4224-1

ALT-PU-2023-4098-1

Closed vulnerabilities

BDU:2023-00576

CVE-2022-38533

CVE-2022-4285

ALT-PU-2023-4123-1

Closed bugs

Bug #46775