ALT-BU-2024-6186-1
Branch sisyphus_e2k update bulletin.
Package libpixman updated to version 0.43.4-alt2 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2022-06667
Уязвимость функции rasterize_edges_8 библиотеки Pixman, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2022-44638
In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.
- http://packetstormsecurity.com/files/170121/pixman-pixman_sample_floor_y-Integer-Overflow.html
- http://packetstormsecurity.com/files/170121/pixman-pixman_sample_floor_y-Integer-Overflow.html
- [oss-security] 20221104 Fwd: [ANNOUNCE] pixman release 0.42.2 now available
- [oss-security] 20221104 Fwd: [ANNOUNCE] pixman release 0.42.2 now available
- https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
- https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
- [debian-lts-announce] 20221107 [SECURITY] [DLA 3179-1] pixman security update
- [debian-lts-announce] 20221107 [SECURITY] [DLA 3179-1] pixman security update
- FEDORA-2022-3cf0e7ebc7
- FEDORA-2022-3cf0e7ebc7
- FEDORA-2022-ae2559a8f4
- FEDORA-2022-ae2559a8f4
- FEDORA-2022-f3a939e960
- FEDORA-2022-f3a939e960
- DSA-5276
- DSA-5276
Package etcnet updated to version 0.9.30-alt1 for branch sisyphus_e2k.
Closed bugs
/sbin/ifup is a broken symlink to /etc on merged-usr
Package apache2 updated to version 2.4.59-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2024-02653
Уязвимость веб-сервера Apache HTTP Server, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-38709
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
- http://seclists.org/fulldisclosure/2024/Jul/18
- http://seclists.org/fulldisclosure/2024/Jul/18
- http://www.openwall.com/lists/oss-security/2024/04/04/3
- http://www.openwall.com/lists/oss-security/2024/04/04/3
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
- https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
- https://security.netapp.com/advisory/ntap-20240415-0013/
- https://security.netapp.com/advisory/ntap-20240415-0013/
- https://support.apple.com/kb/HT214119
- https://support.apple.com/kb/HT214119
Modified: 2024-11-21
CVE-2024-24795
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
- http://seclists.org/fulldisclosure/2024/Jul/18
- http://www.openwall.com/lists/oss-security/2024/04/04/5
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
- https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
- https://security.netapp.com/advisory/ntap-20240415-0013/
- https://support.apple.com/kb/HT214119
Modified: 2024-11-21
CVE-2024-27316
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
- http://seclists.org/fulldisclosure/2024/Jul/18
- http://seclists.org/fulldisclosure/2024/Jul/18
- http://www.openwall.com/lists/oss-security/2024/04/04/4
- http://www.openwall.com/lists/oss-security/2024/04/04/4
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://support.apple.com/kb/HT214119
- https://support.apple.com/kb/HT214119
- https://www.openwall.com/lists/oss-security/2024/04/03/16
- https://www.openwall.com/lists/oss-security/2024/04/03/16
Package ds4drv updated to version 0.5.1-alt2 for branch sisyphus_e2k.
Closed bugs
Не запускается.
Package alterator-net-eth updated to version 5.2.8-alt1 for branch sisyphus_e2k.
Closed bugs
Не перезапускаются сетевые интерфейсы после смены конфигурации
Отсутствует возможность выбора "Версии протокола IP" и включение интерфейса через acc
Package mbedtls updated to version 3.6.0-alt1.1 for branch sisyphus_e2k.
Closed bugs
Недоступный сайт, указанный в URL пакета