ALT-BU-2024-8434-2
Branch c10f2 update bulletin.
Package xorg-server updated to version 1.20.14-alt13 for branch c10f2 in task 348625.
Closed bugs
Xorg crashes after updating to 1.20.14-alt12
Closed vulnerabilities
BDU:2023-07116
Vulnerability in the zipOpenNewFileInZip4_64() function of the MiniZip package of the zlib library, allowing an attacker to affect the integrity, availability, and confidentiality of protected information
Modified: 2024-12-20
CVE-2023-45853
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
- [oss-security] 20231020 CVE-2023-45853: overflows in MiniZip in zlib through 1.3
- [oss-security] 20240124 Re: CVE-2023-45853: overflows in MiniZip in zlib through 1.3
- https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356
- https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61
- https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4
- https://github.com/madler/zlib/pull/843
- [debian-lts-announce] 20231127 [SECURITY] [DLA 3670-1] minizip security update
- https://pypi.org/project/pyminizip/#history
- GLSA-202401-18
- https://security.netapp.com/advisory/ntap-20231130-0009/
- https://www.winimage.com/zLibDll/minizip.html
Closed vulnerabilities
BDU:2024-02061
Vulnerability in the HttpStateData() function of the Chunked decoder of the Squid proxy server, allowing an attacker to cause a denial of service
Modified: 2025-02-26
CVE-2024-25111
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.
- http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch
- https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/
- https://security.netapp.com/advisory/ntap-20240605-0001/