ALT Linux Team

Branch p10_e2k update on 2023-08-29

2023-08-29

ALT-BU-2023-5227-1

Branch p10_e2k update bulletin.

ALT-PU-2023-5225-1

Package mbedtls updated to version 3.4.1-alt1 for branch p10_e2k.

Closed vulnerabilities

Published: 2023-01-10

BDU:2023-00041

Уязвимость реализации протоколов TLS и SSL программного обеспечения Mbed TLS, позволяющая нарушителю перезаписать данные в буфере памяти и восстановить закрытый RSA-ключ

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-12-16
Modified: 2024-11-21

CVE-2022-46392

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
References:
Published: 2022-12-16
Modified: 2024-11-21

CVE-2022-46393

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2023-5226-1

Package branding-alt-education updated to version 10.2-alt2 for branch p10_e2k.

Closed bugs

Bug #47292

Добавить параметр LOGO="altlinux" в /etc/os-release

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top