ALT Linux Team

Branch sisyphus_loongarch64 update on 2024-03-20

2024-03-20

ALT-BU-2024-4298-1

Branch sisyphus_loongarch64 update bulletin.

ALT-PU-2024-4294-1

Package avahi updated to version 0.8-alt3 for branch sisyphus_loongarch64.

Closed vulnerabilities

Published: 2023-04-25

BDU:2023-08473

Уязвимость функции avahi_rdata_parse() системы обнаружения сервисов в локальной сети Avahi, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-11-02
Modified: 2024-11-21

CVE-2023-38469

A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-11-02
Modified: 2024-11-21

CVE-2023-38470

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-11-02
Modified: 2024-11-21

CVE-2023-38471

A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-11-02
Modified: 2024-11-21

CVE-2023-38472

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-11-02
Modified: 2024-11-21

CVE-2023-38473

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2024-4296-1

Package lua5.4 updated to version 5.4.6-alt1.0.port for branch sisyphus_loongarch64.

Closed vulnerabilities

Published: 2022-02-15

BDU:2022-04620

Уязвимость реализации функции singlevar() интерпретатора скриптов Lua, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
Published: 2022-04-08
Modified: 2024-11-21

CVE-2022-28805

singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
Published: 2022-07-01
Modified: 2024-11-21

CVE-2022-33099

An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2024-4297-1

Package phosh updated to version 0.37.0-alt1.2 for branch sisyphus_loongarch64.

Closed bugs

Bug #49750

phosh: сломался запуск с переходом на gnome-session-46

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top