ALT-BU-2023-7607-1
Branch sisyphus_riscv64 update bulletin.
Package tang updated to version 14-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-1672
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
- https://access.redhat.com/security/cve/CVE-2023-1672
- https://access.redhat.com/security/cve/CVE-2023-1672
- RHBZ#2180999
- RHBZ#2180999
- https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096
- https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096
- https://lists.debian.org/debian-lts-announce/2023/11/msg00004.html
- https://lists.debian.org/debian-lts-announce/2023/11/msg00004.html
- https://www.openwall.com/lists/oss-security/2023/06/15/1
- https://www.openwall.com/lists/oss-security/2023/06/15/1
Package uwsgi updated to version 2.0.23-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2023-02021
Уязвимость компонента mod_proxy_uwsgi веб-сервера Apache HTTP Server связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю выполнять атаку "контрабанда HTTP-запросов"
Modified: 2025-02-13
CVE-2023-27522
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html
- https://security.gentoo.org/glsa/202309-01
- https://security.gentoo.org/glsa/202309-01
Package samba updated to version 4.19.2-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2023-07419
Уязвимость пакета программ сетевого взаимодействия Samba, связанная с переполнением буфера в динамической памяти, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-5568
A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.
- https://access.redhat.com/security/cve/CVE-2023-5568
- https://access.redhat.com/security/cve/CVE-2023-5568
- RHBZ#2245174
- RHBZ#2245174
- https://bugzilla.samba.org/show_bug.cgi?id=15491
- https://bugzilla.samba.org/show_bug.cgi?id=15491
- https://security.netapp.com/advisory/ntap-20231124-0007/
- https://www.samba.org/samba/history/samba-4.19.2.html
- https://www.samba.org/samba/history/samba-4.19.2.html