ALT-BU-2023-5216-1
Branch sisyphus update bulletin.
Package open-vm-tools updated to version 12.2.5-alt3 for branch sisyphus in task 328068.
Closed bugs
Миграция на /run и /run/lock
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-40360
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.
- https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98
- https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98
- https://gitlab.com/qemu-project/qemu/-/issues/1815
- https://gitlab.com/qemu-project/qemu/-/issues/1815
- https://security.netapp.com/advisory/ntap-20230915-0004/
- https://security.netapp.com/advisory/ntap-20230915-0004/
- https://www.qemu.org/docs/master/system/security.html
- https://www.qemu.org/docs/master/system/security.html
Closed vulnerabilities
BDU:2022-05776
Уязвимость компонента mpz/inp_raw.c библиотеки арифметических операций GMP на 32-разрядных платформах, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-43618
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
- 20221016 Re: over 2000 packages depend on abort()ing libgmp
- 20221016 Re: over 2000 packages depend on abort()ing libgmp
- [oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type
- [oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type
- https://bugs.debian.org/994405
- https://bugs.debian.org/994405
- https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
- https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
- https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
- https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
- [debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update
- [debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update
- GLSA-202309-13
- GLSA-202309-13
- https://security.netapp.com/advisory/ntap-20221111-0001/
- https://security.netapp.com/advisory/ntap-20221111-0001/
Closed bugs
icewmbg segfault при запуске на i586
После обновления imlib2 до 1.12.0-alt1 на i586 icewm падает с segfault
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-6673
Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32.
- [oss-security] 20150825 Re: CVE request: libgpf: use-after-free vulnerability in Decoder.cpp
- [oss-security] 20150825 Re: CVE request: libgpf: use-after-free vulnerability in Decoder.cpp
- https://bugzilla.redhat.com/show_bug.cgi?id=1251749
- https://bugzilla.redhat.com/show_bug.cgi?id=1251749
- [debian-lts-announce] 20191215 [SECURITY] [DLA 2035-1] libpgf security update
- [debian-lts-announce] 20191215 [SECURITY] [DLA 2035-1] libpgf security update
- https://security-tracker.debian.org/tracker/CVE-2015-6673/
- https://security-tracker.debian.org/tracker/CVE-2015-6673/
- https://sourceforge.net/p/libpgf/code/147/
- https://sourceforge.net/p/libpgf/code/147/
- https://sourceforge.net/p/libpgf/code/148/
- https://sourceforge.net/p/libpgf/code/148/
- https://sourceforge.net/p/libpgf/code/HEAD/tree/trunk/libpgf/INSTALL
- https://sourceforge.net/p/libpgf/code/HEAD/tree/trunk/libpgf/INSTALL
- USN-4554-1
- USN-4554-1
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-39976
log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.
- https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8
- https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8
- https://github.com/ClusterLabs/libqb/compare/v2.0.7...v2.0.8
- https://github.com/ClusterLabs/libqb/compare/v2.0.7...v2.0.8
- https://github.com/ClusterLabs/libqb/pull/490
- https://github.com/ClusterLabs/libqb/pull/490
- FEDORA-2023-5a717dd33d
- FEDORA-2023-5a717dd33d