ALT-BU-2024-3716-1
Branch sisyphus_riscv64 update bulletin.
Package lilv updated to version 0.24.24-alt2 for branch sisyphus_riscv64.
Closed bugs
Не предоставляет liblilv-devel
Package libopenjpeg2.0 updated to version 2.5.1-alt1.1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-3575
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.
- https://bugzilla.redhat.com/show_bug.cgi?id=1957616
- https://bugzilla.redhat.com/show_bug.cgi?id=1957616
- https://github.com/uclouvain/openjpeg/issues/1347
- https://github.com/uclouvain/openjpeg/issues/1347
- FEDORA-2021-c1ac2ee5ee
- FEDORA-2021-c1ac2ee5ee
- FEDORA-2021-e145f477df
- FEDORA-2021-e145f477df
- https://ubuntu.com/security/CVE-2021-3575
- https://ubuntu.com/security/CVE-2021-3575
Closed bugs
OPJ_VERSION_XXX defines missing
Package osec updated to version 1.3.2-alt1 for branch sisyphus_riscv64.
Closed bugs
Программа не завершается и находится в бесконечном цикле
Package accountsservice updated to version 23.13.9-alt2 for branch sisyphus_riscv64.
Closed bugs
Не отображается список пользователей при запуске системы | экран приветствие [GDM]
URL чужой
Package cyrus-sasl2 updated to version 2.1.28-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2020-01461
Уязвимость метода аунтефикации пользователей Cyrus SASL, связанная с записью за границами буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01443
Уязвимость реализации механизма аутентификации Cyrus SASL, связанная с непринятием мер по защите структуры SQL-запроса, позволяющая нарушителю выполнить произвольный SQL-запрос
Modified: 2024-11-21
CVE-2019-19906
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
- 20200717 APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6
- 20200717 APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6
- 20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra
- 20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra
- [oss-security] 20220223 Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 & CVE-2019-19906]
- [oss-security] 20220223 Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 & CVE-2019-19906]
- https://github.com/cyrusimap/cyrus-sasl/issues/587
- https://github.com/cyrusimap/cyrus-sasl/issues/587
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [debian-lts-announce] 20191220 [SECURITY] [DLA 2044-1] cyrus-sasl2 security update
- [debian-lts-announce] 20191220 [SECURITY] [DLA 2044-1] cyrus-sasl2 security update
- FEDORA-2020-51d591d035
- FEDORA-2020-51d591d035
- FEDORA-2020-bf829f9a84
- FEDORA-2020-bf829f9a84
- 20191225 [SECURITY] [DSA 4591-1] cyrus-sasl2 security update
- 20191225 [SECURITY] [DSA 4591-1] cyrus-sasl2 security update
- https://support.apple.com/kb/HT211288
- https://support.apple.com/kb/HT211288
- https://support.apple.com/kb/HT211289
- https://support.apple.com/kb/HT211289
- USN-4256-1
- USN-4256-1
- DSA-4591
- DSA-4591
- https://www.openldap.org/its/index.cgi/Incoming?id=9123
- https://www.openldap.org/its/index.cgi/Incoming?id=9123
Modified: 2024-11-21
CVE-2022-24407
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
- [oss-security] 20220223 Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 & CVE-2019-19906]
- [oss-security] 20220223 Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 & CVE-2019-19906]
- https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst
- https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst
- [debian-lts-announce] 20220306 [SECURITY] [DLA 2931-1] cyrus-sasl2 security update
- [debian-lts-announce] 20220306 [SECURITY] [DLA 2931-1] cyrus-sasl2 security update
- FEDORA-2022-e33e824d37
- FEDORA-2022-e33e824d37
- FEDORA-2022-8cc64f73d0
- FEDORA-2022-8cc64f73d0
- FEDORA-2022-f9642fab70
- FEDORA-2022-f9642fab70
- https://security.netapp.com/advisory/ntap-20221007-0003/
- https://security.netapp.com/advisory/ntap-20221007-0003/
- https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
- https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
- DSA-5087
- DSA-5087
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Closed bugs
При подготовке к Usrmerge сломался sssd