ALT-BU-2024-15117-1
Branch sisyphus_riscv64 update bulletin.
Package p7zip updated to version 17.05-alt3 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2024-04975
Уязвимость обработчика NTFS в файле NtfsHandler.cpp архиватора 7-Zip, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2023-52168
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.
- [oss-security] 20240703 CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver
- [oss-security] 20240703 CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver
- https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
- https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
- https://sourceforge.net/p/sevenzip/bugs/2402/
- https://sourceforge.net/p/sevenzip/bugs/2402/
- https://www.openwall.com/lists/oss-security/2024/07/03/10
- https://www.openwall.com/lists/oss-security/2024/07/03/10
Modified: 2024-11-21
CVE-2023-52169
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process.
- [oss-security] 20240703 CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver
- [oss-security] 20240703 CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver
- https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
- https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
- https://sourceforge.net/p/sevenzip/bugs/2402/
- https://sourceforge.net/p/sevenzip/bugs/2402/
- https://www.openwall.com/lists/oss-security/2024/07/03/10
- https://www.openwall.com/lists/oss-security/2024/07/03/10
Package libgtk+2 updated to version 2.24.33-alt2 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2024-06447
Уязвимость библиотеки для создания графических пользовательских интерфейсов GTK (GIMP Toolkit), связанная с неверным управлением генерацией кода, позволяющая нарушителю повысить свои привилегии
Modified: 2025-03-14
CVE-2024-6655
A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.
- http://www.openwall.com/lists/oss-security/2024/09/09/1
- RHSA-2024:6963
- RHSA-2024:9184
- https://access.redhat.com/security/cve/CVE-2024-6655
- https://access.redhat.com/security/cve/CVE-2024-6655
- RHBZ#2297098
- RHBZ#2297098
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b6176d42836d23c36a6ac410e807ec0a7a7#diff-content-e3fbe6480add9420b69f82374fb26ccac2c015a0
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b6176d42836d23c36a6ac410e807ec0a7a7#diff-content-e3fbe6480add9420b69f82374fb26ccac2c015a0
- https://www.openwall.com/lists/oss-security/2024/09/09/1