ALT-BU-2024-16463-1
Branch sisyphus_loongarch64 update bulletin.
Package bcel updated to version 6.8.2-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2024-02279
Уязвимость библиотеки для обработки байт-кода Java Apache Commons BCEL, связанная с записью за границами буфера, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2022-42920
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.
- [oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing
- [oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing
- https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4
- https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4
- FEDORA-2022-01a56f581c
- FEDORA-2022-01a56f581c
- FEDORA-2022-f60a52e054
- FEDORA-2022-f60a52e054
- FEDORA-2022-0e358addb8
- FEDORA-2022-0e358addb8
- GLSA-202401-25
- GLSA-202401-25
Package xalan-j2 updated to version 2.7.3-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2022-04788
Уязвимость библиотеки Apache Xalan Java XSLT, связанная с ошибкой приведения целочисленного значения, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2022-34169
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
- http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html
- http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html
- [oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
- [oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
- [oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
- [oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
- [oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
- [oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
- [oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
- [oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
- [oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
- [oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
- [oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing
- [oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing
- [oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing
- [oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing
- https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
- https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
- https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
- https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
- [debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update
- [debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update
- FEDORA-2022-b76ab52e73
- FEDORA-2022-b76ab52e73
- FEDORA-2022-d26586b419
- FEDORA-2022-d26586b419
- FEDORA-2022-ae563934f7
- FEDORA-2022-ae563934f7
- FEDORA-2022-19b6f21746
- FEDORA-2022-19b6f21746
- FEDORA-2022-80afe2304a
- FEDORA-2022-80afe2304a
- FEDORA-2022-e573851f56
- FEDORA-2022-e573851f56
- https://security.gentoo.org/glsa/202401-25
- https://security.gentoo.org/glsa/202401-25
- https://security.netapp.com/advisory/ntap-20220729-0009/
- https://security.netapp.com/advisory/ntap-20220729-0009/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- DSA-5188
- DSA-5188
- DSA-5192
- DSA-5192
- DSA-5256
- DSA-5256
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Closed bugs
Для закрытия CVE-2022-34169 необходимо обновить пакет
Package Singular updated to version 4.4.0.6-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-40299
In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathnames; this CVE Record is not about the lack of a safe temporary-file creation capability in the Singular language.
- http://michael.orlitzky.com/cves/cve-2022-40299.xhtml
- http://michael.orlitzky.com/cves/cve-2022-40299.xhtml
- https://github.com/Singular/Singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c
- https://github.com/Singular/Singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c
- https://github.com/Singular/Singular/issues/1137
- https://github.com/Singular/Singular/issues/1137
Package candle updated to version 1.2-alt3 for branch sisyphus_loongarch64.
Closed bugs
На тёмной теме KDE не отображаются иконки управления ЧПУ станком
Package helix updated to version 24.07-alt2 for branch sisyphus_loongarch64.
Closed bugs
Use HELIX_DEFAULT_RUNTIME before build instead of HELIX_RUNTIME at runtime
Package cozy updated to version 1.3.0-alt3 for branch sisyphus_loongarch64.
Closed bugs
cozy: insufficient runtime dependencies