ALT-BU-2024-13601-1
Branch c9f2 update bulletin.
Closed vulnerabilities
BDU:2024-02624
Уязвимость пакета libtirpc, связанная с недостижимым условием выхода, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-05-05
CVE-2021-46828
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.
- http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=86529758570cef4c73fb9b9c4104fdc510f701ed
- https://lists.debian.org/debian-lts-announce/2022/08/msg00004.html
- https://security.gentoo.org/glsa/202210-33
- https://security.netapp.com/advisory/ntap-20221007-0004/
- https://www.debian.org/security/2022/dsa-5200
- http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=86529758570cef4c73fb9b9c4104fdc510f701ed
- https://lists.debian.org/debian-lts-announce/2022/08/msg00004.html
- https://security.gentoo.org/glsa/202210-33
- https://security.netapp.com/advisory/ntap-20221007-0004/
- https://www.debian.org/security/2022/dsa-5200
Package python-module-urllib3 updated to version 1.25.11-alt0.c9.2 for branch c9f2 in task 358584.
Closed vulnerabilities
BDU:2022-00586
Уязвимость HTTP-клиента для Python urllib3, связанная с неконтролируемым потреблением ресурсов, позволяющая нарушителю выполнить отказ в обслуживании
Modified: 2024-11-21
CVE-2021-33503
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
- https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
- https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73/
- https://security.gentoo.org/glsa/202107-36
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
- https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73/
- https://security.gentoo.org/glsa/202107-36
- https://www.oracle.com/security-alerts/cpuoct2021.html
Closed vulnerabilities
BDU:2024-02969
УУязвимость функции apr_base64 библиотеки Apache Portable Runtime (APR), позволяющая нарушителю выполнить произвольный код
Modified: 2025-02-13
CVE-2022-25147
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.