ALT Linux Team

Branch sisyphus update on 2024-12-20

2024-12-20

ALT-BU-2024-17337-1

Branch sisyphus update bulletin.

ALT-PU-2024-17268-3

Package mupdf updated to version 1.25.2-alt1 for branch sisyphus in task 365371.

Closed vulnerabilities

Published: 2021-02-24
Modified: 2024-11-21

CVE-2021-3407

A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2021-07-22
Modified: 2024-11-21

CVE-2021-37220

MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2022-08-26
Modified: 2024-11-21

CVE-2021-4216

A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2024-17302-2

Package poppler-current updated to version 24.08.0-alt1 for branch sisyphus in task 365414.

Closed vulnerabilities

Published: 2024-06-21
Modified: 2024-11-21

CVE-2024-6239

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2024-17315-1

Package virtualbox updated to version 7.1.4-alt2 for branch sisyphus in task 365433.

Closed bugs

Bug #52274

Не запускается virtualbox.service

ALT-PU-2024-17319-1

Package warp updated to version 0.8.0-alt2 for branch sisyphus in task 365458.

Closed bugs

Bug #52478

warp: aварийное завершение работы при нажатии «отсканировать QR-код»

ALT-PU-2024-17321-1

Package python3-module-markdown-it updated to version 3.0.0-alt2 for branch sisyphus in task 365460.

Closed bugs

Bug #51334

Не хватает зависимости на пакет python3-module-linkify-it-py

ALT-PU-2024-17325-2

Package moc updated to version 2.6.0-alt0.8 for branch sisyphus in task 365475.

Closed bugs

Bug #52414

Поддержка https в плеере

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top