ALT-BU-2024-16080-1
Branch p11 update bulletin.
Closed vulnerabilities
BDU:2024-08615
Уязвимость библиотеки структурированных файлов GNOME Project G libgsf, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код
BDU:2024-08625
Уязвимость библиотеки структурированных файлов The GNOME Project libgsf, связанная с переполнением целых чисел на основе динамической памяти, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2024-36474
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Modified: 2024-11-21
CVE-2024-42415
An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Closed bugs
cheese: Падает вместо того, чтобы работать
Closed bugs
allow to avoid include-image-data
Closed bugs
Нужно добавить p11-kit-server, как зависимость
Package python3-module-arrow updated to version 1.3.0-alt1.1 for branch p11 in task 361200.
Closed bugs
remove build dependency on python3-module-chai
Closed vulnerabilities
BDU:2024-06275
Уязвимость файла server.c серверной библиотеки для удалённого доступа к компьютерам Neat VNC, позволяющая нарушителю обойти существующие ограничения безопасности
Modified: 2024-09-05
CVE-2024-42458
server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.
- https://github.com/any1/neatvnc/commit/cc71650a69abc2573a0d96d082409d2468802d47
- https://github.com/any1/neatvnc/compare/v0.8.0...v0.8.1
- https://github.com/any1/neatvnc/releases/tag/v0.8.1
- https://www.openwall.com/lists/oss-security/2024/08/02/1
- https://www.openwall.com/lists/oss-security/2024/08/02/10
- https://www.openwall.com/lists/oss-security/2024/08/02/7
Package python3-module-langdetect updated to version 1.0.9-alt2 for branch p11 in task 361200.
Closed bugs
migrate from setuptools' test command
Package python3-module-mallard-ducktype updated to version 1.0.2-alt2 for branch p11 in task 361200.
Closed bugs
migrate from setuptools' test command
Package gnome-network-displays updated to version 0.93.0-alt0.git976cd7.1 for branch p11 in task 361200.
Closed bugs
gnome-network-displays: new version
Package phosh-mobile-settings updated to version 0.42.0-alt1.1 for branch p11 in task 361200.
Closed bugs
Ломушка трассировки/останова
Package pika-backup updated to version 0.7.4-alt1.1 for branch p11 in task 361200.
Closed bugs
Pika Backup: Недостаточно зависимостей для монитрования образа с резервной копией
Package python3-module-Cython updated to version 3.0.11-alt1 for branch p11 in task 361200.
Closed bugs
Cython: обновить до 3.0.10
Package perl-Glib-Object-Introspection updated to version 0.051-alt4 for branch p11 in task 361200.
Closed bugs
perl-Glib-Object-Introspection: FTBFS
Closed bugs
arrow: FTBFS
Closed bugs
AttributeError: 'float' object has no attribute 'split' при работе cockpit-bridge
cockpit: FTBFS
Closed bugs
onboard: new version
Closed bugs
qemu: FTBFS