ALT-BU-2024-13601-1
Branch c9f2 update bulletin.
Closed vulnerabilities
BDU:2024-02624
A vulnerability in the libtirpc package related to an unreachable exit condition, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2021-46828
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.
- http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=86529758570cef4c73fb9b9c4104fdc510f701ed
- [debian-lts-announce] 20220812 [SECURITY] [DLA 3071-1] libtirpc security update
- GLSA-202210-33
- https://security.netapp.com/advisory/ntap-20221007-0004/
- DSA-5200
Package python-module-urllib3 updated to version 1.25.11-alt0.c9.2 for branch c9f2 in task 358584.
Closed vulnerabilities
BDU:2022-00586
A vulnerability in the urllib3 HTTP client for Python related to uncontrolled resource consumption, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2021-33503
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
- https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
- https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
- FEDORA-2021-9c5f3b8aae
- FEDORA-2021-a6bde7ab18
- GLSA-202107-36
- https://www.oracle.com/security-alerts/cpuoct2021.html
Closed vulnerabilities
BDU:2024-02969
A vulnerability in the apr_base64 function of the Apache Portable Runtime (APR) library, allowing an attacker to execute arbitrary code
Modified: 2025-02-13
CVE-2022-25147
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.