Branch sisyphus update bulletin.

Package krb5 updated to version 1.21.1-alt1 for branch sisyphus in task 324679.

Published: 2023-08-07
Modified: 2024-11-21

CVE-2023-36054

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Package python3-module-cryptography updated to version 41.0.2-alt1 for branch sisyphus in task 324647.

Published: 2023-07-14

BDU:2023-05436

Уязвимость пакета cryptography интерпретатора языка программирования Python, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю выполнить атаку типа "человек посередине"

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

CVE-2023-38325

Published: 2023-07-14
Modified: 2024-11-21

CVE-2023-38325

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Version: 2.1.0

Branch sisyphus update on 2023-07-12

ALT-BU-2023-4343-2

ALT-PU-2023-4333-1

Closed vulnerabilities

CVE-2023-36054

ALT-PU-2023-8444-1

Closed vulnerabilities

BDU:2023-05436

CVE-2023-38325