ALT-BU-2023-5216-1
Branch sisyphus update bulletin.
Package open-vm-tools updated to version 12.2.5-alt3 for branch sisyphus in task 328068.
Closed bugs
Миграция на /run и /run/lock
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-40360
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.
- https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98
- https://gitlab.com/qemu-project/qemu/-/issues/1815
- https://security.netapp.com/advisory/ntap-20230915-0004/
- https://www.qemu.org/docs/master/system/security.html
- https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98
- https://gitlab.com/qemu-project/qemu/-/issues/1815
- https://security.netapp.com/advisory/ntap-20230915-0004/
- https://www.qemu.org/docs/master/system/security.html
Closed vulnerabilities
Modified: 2025-11-19
BDU:2022-05776
Уязвимость компонента mpz/inp_raw.c библиотеки арифметических операций GMP на 32-разрядных платформах, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-43618
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
- http://seclists.org/fulldisclosure/2022/Oct/8
- http://www.openwall.com/lists/oss-security/2022/10/13/3
- https://bugs.debian.org/994405
- https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
- https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
- https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html
- https://security.gentoo.org/glsa/202309-13
- https://security.netapp.com/advisory/ntap-20221111-0001/
- http://seclists.org/fulldisclosure/2022/Oct/8
- http://www.openwall.com/lists/oss-security/2022/10/13/3
- https://bugs.debian.org/994405
- https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
- https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
- https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html
- https://security.gentoo.org/glsa/202309-13
- https://security.netapp.com/advisory/ntap-20221111-0001/
Closed bugs
icewmbg segfault при запуске на i586
После обновления imlib2 до 1.12.0-alt1 на i586 icewm падает с segfault
Closed vulnerabilities
Modified: 2025-04-20
CVE-2015-6673
Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32.
- http://www.openwall.com/lists/oss-security/2015/08/25/9
- https://bugzilla.redhat.com/show_bug.cgi?id=1251749
- https://lists.debian.org/debian-lts-announce/2019/12/msg00017.html
- https://security-tracker.debian.org/tracker/CVE-2015-6673/
- https://sourceforge.net/p/libpgf/code/147/
- https://sourceforge.net/p/libpgf/code/148/
- https://sourceforge.net/p/libpgf/code/HEAD/tree/trunk/libpgf/INSTALL
- https://usn.ubuntu.com/4554-1/
- http://www.openwall.com/lists/oss-security/2015/08/25/9
- https://bugzilla.redhat.com/show_bug.cgi?id=1251749
- https://lists.debian.org/debian-lts-announce/2019/12/msg00017.html
- https://security-tracker.debian.org/tracker/CVE-2015-6673/
- https://sourceforge.net/p/libpgf/code/147/
- https://sourceforge.net/p/libpgf/code/148/
- https://sourceforge.net/p/libpgf/code/HEAD/tree/trunk/libpgf/INSTALL
- https://usn.ubuntu.com/4554-1/
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-39976
log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.
- https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8
- https://github.com/ClusterLabs/libqb/compare/v2.0.7...v2.0.8
- https://github.com/ClusterLabs/libqb/pull/490
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KECNF7LFBPE57XSBT6EM7ACVMIBP63WH/
- https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8
- https://github.com/ClusterLabs/libqb/compare/v2.0.7...v2.0.8
- https://github.com/ClusterLabs/libqb/pull/490
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KECNF7LFBPE57XSBT6EM7ACVMIBP63WH/