ALT-BU-2024-15259-2
Branch c10f2 update bulletin.
Package python3-module-celery updated to version 5.3.6-alt1 for branch c10f2 in task 361409.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-23727
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.
- https://github.com/celery/celery/blob/master/Changelog.rst%23522
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYXRGHWHD2WWMHBWCVD5ULVINPKNY3P5/
- https://snyk.io/vuln/SNYK-PYTHON-CELERY-2314953
- https://github.com/celery/celery/blob/master/Changelog.rst%23522
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYXRGHWHD2WWMHBWCVD5ULVINPKNY3P5/
- https://snyk.io/vuln/SNYK-PYTHON-CELERY-2314953
Closed vulnerabilities
Modified: 2025-05-06
BDU:2024-04975
Уязвимость обработчика NTFS в файле NtfsHandler.cpp архиватора 7-Zip, позволяющая нарушителю выполнить произвольный код
Modified: 2025-08-13
BDU:2024-11604
Уязвимость функции CFileNameAttr::Parse() файла NtfsHandler.cpp архиватора 7-Zip, позволяющая нарушителю загружать произвольные файлы и получить несанкционированный доступ к защищаемой информации
Modified: 2026-04-15
CVE-2023-52168
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.
- http://www.openwall.com/lists/oss-security/2024/07/03/10
- https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
- https://sourceforge.net/p/sevenzip/bugs/2402/
- https://www.openwall.com/lists/oss-security/2024/07/03/10
- http://www.openwall.com/lists/oss-security/2024/07/03/10
- https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
- https://security.netapp.com/advisory/ntap-20241122-0011/
- https://sourceforge.net/p/sevenzip/bugs/2402/
- https://www.openwall.com/lists/oss-security/2024/07/03/10
Modified: 2026-04-15
CVE-2023-52169
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process.
- http://www.openwall.com/lists/oss-security/2024/07/03/10
- https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
- https://sourceforge.net/p/sevenzip/bugs/2402/
- https://www.openwall.com/lists/oss-security/2024/07/03/10
- http://www.openwall.com/lists/oss-security/2024/07/03/10
- https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
- https://security.netapp.com/advisory/ntap-20241122-0011/
- https://sourceforge.net/p/sevenzip/bugs/2402/
- https://www.openwall.com/lists/oss-security/2024/07/03/10