ALT-BU-2023-8367-1
Branch sisyphus_loongarch64 update bulletin.
Package mdadm updated to version 4.2-alt5 for branch sisyphus_loongarch64.
Closed bugs
Не отображаются SATA-диски, включенные в RAID (Rapid Storage Technology)
Package guacamole-server updated to version 1.5.4-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-02-13
CVE-2023-43826
Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue.
Package invesalius updated to version 3.1.99998-alt2.git.90a1be13 for branch sisyphus_loongarch64.
Closed bugs
InVesalius не запускается.
Package guacamole updated to version 1.5.4-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-02-13
CVE-2023-43826
Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue.
Package python3-module-django updated to version 4.2.8-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2023-08741
Уязвимость программной платформы для веб-приложений Django, связанная c неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании (DoS)
Modified: 2024-11-21
CVE-2023-46695
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
- https://docs.djangoproject.com/en/4.2/releases/security/
- https://docs.djangoproject.com/en/4.2/releases/security/
- https://groups.google.com/forum/#%21forum/django-announce
- https://groups.google.com/forum/#%21forum/django-announce
- https://security.netapp.com/advisory/ntap-20231214-0001/
- https://security.netapp.com/advisory/ntap-20231214-0001/
- https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
- https://www.djangoproject.com/weblog/2023/nov/01/security-releases/