ALT-BU-2024-13089-1
Branch sisyphus_riscv64 update bulletin.
Package libnss-role updated to version 0.5.6-alt4 for branch sisyphus_riscv64.
Closed bugs
Breaks completely when upgrading p10 --> p11
Package libarchive updated to version 3.7.5-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2023-05007
Vulnerability in the umask() function of the archive_write_disk_posix.c component of the Libarchive library, allowing an attacker to delete and rename files inside directories
BDU:2024-00408
Vulnerability in the Libarchive library of the Windows operating system, allowing an attacker to execute arbitrary code
BDU:2024-02924
Vulnerability in the libarchive archiving library of Windows operating systems, allowing an attacker to execute arbitrary code
BDU:2024-04626
Vulnerability in the libarchive library related to an out-of-bounds memory buffer read, allowing an attacker to cause a denial of service
Modified: 2025-01-14
CVE-2023-30571
Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.
Modified: 2024-11-21
CVE-2024-20696
Windows libarchive Remote Code Execution Vulnerability
Modified: 2025-01-08
CVE-2024-26256
Libarchive Remote Code Execution Vulnerability
- http://www.openwall.com/lists/oss-security/2024/06/04/2
- http://www.openwall.com/lists/oss-security/2024/06/05/1
- https://github.com/LeSuisse/nixpkgs/commit/81b82a2934521dffef76f7ca305d8d4e22fe7262
- https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch
- https://github.com/libarchive/libarchive/releases/tag/v3.7.4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWANFZ6NEMXFCALXWI2AFKYBOLONAVFC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TWAMR5TY47UKVYMWQXB34CWSBNTRYMBV/
- https://www.openwall.com/lists/oss-security/2024/06/04/2
Modified: 2025-03-14
CVE-2024-37407
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.
- https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0
- https://github.com/libarchive/libarchive/pull/2145
- https://github.com/libarchive/libarchive/releases/tag/v3.7.4
Package perl-DBD-mysql updated to version 5.009-alt1 for branch sisyphus_riscv64.
Closed bugs
Starting zoneminder.service ends with an error