ALT-BU-2024-1291-2
Branch sisyphus update bulletin.
Closed bugs
After creating raid1 on an NVMe partition, the partition's device-mapper device remains
Closed vulnerabilities
BDU:2022-05840
Vulnerability in the QEMU hardware emulator related to unbounded memory allocation, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2021-3527
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.
- https://bugzilla.redhat.com/show_bug.cgi?id=1955695
- https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c
- https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986
- [debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update
- [debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update
- GLSA-202208-27
- https://security.netapp.com/advisory/ntap-20210708-0008/
- https://www.openwall.com/lists/oss-security/2021/05/05/5
Modified: 2024-11-21
CVE-2023-3019
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.
- RHSA-2024:0135
- RHSA-2024:0404
- RHSA-2024:0569
- RHSA-2024:2135
- https://access.redhat.com/security/cve/CVE-2023-3019
- RHBZ#2222351
- https://security.netapp.com/advisory/ntap-20230831-0005/
Modified: 2024-11-21
CVE-2023-3255
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.
Modified: 2024-11-21
CVE-2023-6693
A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.
- RHSA-2024:2962
- https://access.redhat.com/security/cve/CVE-2023-6693
- RHBZ#2254580
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y/
- https://security.netapp.com/advisory/ntap-20240208-0004/
Package poppler-current updated to version 23.08.0-alt1 for branch sisyphus in task 338404.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-34872
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
- https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe
- https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399
- FEDORA-2023-f0be0daaa5
- FEDORA-2023-6b20b7807a
- FEDORA-2023-4285cca9bf
- FEDORA-2023-4eff9e2cd6
Closed bugs
Incorrect path for launching sdlpop
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-38857
Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.
Modified: 2024-11-21
CVE-2023-38858
Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.