ALT-BU-2024-15078-1
Branch sisyphus_loongarch64 update bulletin.
Package libgst-rtsp-server updated to version 1.24.9-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2024-10-23
CVE-2024-44331
Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests.
Package liblouisutdml updated to version 2.12.0-alt2 for branch sisyphus_loongarch64.
Closed bugs
Ошибка сегментирования при использования ключа -l в утилите file2brl.
Package lynx updated to version 2.9.2-alt1.rel.0 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2022-00255
Уязвимость подкомпонента userinfo текстового веб-браузера Lynx, связанная с недостаточной защитой регистрационных данных, позволяющая нарушителю получить доступ к конфиденциальным данным
Modified: 2024-11-21
CVE-2021-38165
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
- [oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- [oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- [oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- [oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- [oss-security] 20210807 Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- [oss-security] 20210807 Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- https://bugs.debian.org/991971
- https://bugs.debian.org/991971
- https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118
- https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118
- [debian-lts-announce] 20210809 [SECURITY] [DLA 2736-1] lynx security update
- [debian-lts-announce] 20210809 [SECURITY] [DLA 2736-1] lynx security update
- FEDORA-2021-57287bd052
- FEDORA-2021-57287bd052
- FEDORA-2021-232161e4d5
- FEDORA-2021-232161e4d5
- FEDORA-2021-f59bda7d94
- FEDORA-2021-f59bda7d94
- https://lynx.invisible-island.net/current/CHANGES.html
- https://lynx.invisible-island.net/current/CHANGES.html
- DSA-4953
- DSA-4953
- https://www.openwall.com/lists/oss-security/2021/08/07/1
- https://www.openwall.com/lists/oss-security/2021/08/07/1
- https://www.openwall.com/lists/oss-security/2021/08/07/11
- https://www.openwall.com/lists/oss-security/2021/08/07/11
Package turtle updated to version 0.10-alt2 for branch sisyphus_loongarch64.
Closed bugs
turtle: пакет nautilus-python отсутствует в зависимостях turtle
Package ravada updated to version 2.3.1-alt2 for branch sisyphus_loongarch64.
Closed bugs
Не работает веб интерфейс
Package p7zip updated to version 17.05-alt3 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2024-04975
Уязвимость обработчика NTFS в файле NtfsHandler.cpp архиватора 7-Zip, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2023-52168
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.
- [oss-security] 20240703 CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver
- [oss-security] 20240703 CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver
- https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
- https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
- https://sourceforge.net/p/sevenzip/bugs/2402/
- https://sourceforge.net/p/sevenzip/bugs/2402/
- https://www.openwall.com/lists/oss-security/2024/07/03/10
- https://www.openwall.com/lists/oss-security/2024/07/03/10
Modified: 2024-11-21
CVE-2023-52169
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process.
- [oss-security] 20240703 CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver
- [oss-security] 20240703 CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver
- https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
- https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
- https://sourceforge.net/p/sevenzip/bugs/2402/
- https://sourceforge.net/p/sevenzip/bugs/2402/
- https://www.openwall.com/lists/oss-security/2024/07/03/10
- https://www.openwall.com/lists/oss-security/2024/07/03/10