ALT-BU-2024-17337-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-3407
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
- http://git.ghostscript.com/?p=mupdf.git%3Bh=cee7cefc610d42fd383b3c80c12cbc675443176a
- https://bugs.ghostscript.com/show_bug.cgi?id=703366
- https://lists.debian.org/debian-lts-announce/2021/03/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCADE3VSPWCGTE5BV4KL273R5VK3GDKM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M44PNYCBL33OD7GC75XNE6CDS4VSGVWO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLC6MPH7YS6JPU427XOFRLF3KKZQUZJN/
- https://security.gentoo.org/glsa/202105-30
- http://git.ghostscript.com/?p=mupdf.git%3Bh=cee7cefc610d42fd383b3c80c12cbc675443176a
- https://bugs.ghostscript.com/show_bug.cgi?id=703366
- https://lists.debian.org/debian-lts-announce/2021/03/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCADE3VSPWCGTE5BV4KL273R5VK3GDKM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M44PNYCBL33OD7GC75XNE6CDS4VSGVWO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLC6MPH7YS6JPU427XOFRLF3KKZQUZJN/
- https://security.gentoo.org/glsa/202105-30
Modified: 2024-11-21
CVE-2021-37220
MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
- http://git.ghostscript.com/?p=mupdf.git%3Bh=f5712c9949d026e4b891b25837edd2edc166151f
- https://bugs.ghostscript.com/show_bug.cgi?id=703791
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKRMREIYUBGG2GV73CU7BJNW2Q34IP23/
- http://git.ghostscript.com/?p=mupdf.git%3Bh=f5712c9949d026e4b891b25837edd2edc166151f
- https://bugs.ghostscript.com/show_bug.cgi?id=703791
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKRMREIYUBGG2GV73CU7BJNW2Q34IP23/
Modified: 2024-11-21
CVE-2021-4216
A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.
Package poppler-current updated to version 24.08.0-alt1 for branch sisyphus in task 365414.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2024-6239
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
- https://access.redhat.com/errata/RHSA-2024:5305
- https://access.redhat.com/errata/RHSA-2024:9167
- https://access.redhat.com/security/cve/CVE-2024-6239
- https://bugzilla.redhat.com/show_bug.cgi?id=2293594
- https://access.redhat.com/security/cve/CVE-2024-6239
- https://bugzilla.redhat.com/show_bug.cgi?id=2293594
Package virtualbox updated to version 7.1.4-alt2 for branch sisyphus in task 365433.
Closed bugs
Не запускается virtualbox.service
Closed bugs
warp: aварийное завершение работы при нажатии «отсканировать QR-код»
Package python3-module-markdown-it updated to version 3.0.0-alt2 for branch sisyphus in task 365460.
Closed bugs
Не хватает зависимости на пакет python3-module-linkify-it-py
Closed bugs
Поддержка https в плеере