ALT-BU-2025-11402-1
Branch p11 update bulletin.
Closed bugs
У brp-debuginfo проблемы с пробелами
Closed vulnerabilities
BDU:2025-07640
Уязвимость функции chacha20_poly1305_set_key() библиотеки libssh, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2025-07641
Уязвимость функции ssh_get_fingerprint_hash() библиотеки libssh, позволяющая нарушителю выполнить произвольный код
BDU:2025-07642
Уязвимость функции privatekey_from_file() библиотеки libssh, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
BDU:2025-07643
Уязвимость функции pki_key_to_blob() библиотеки libssh, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
BDU:2025-07644
Уязвимость функции ssh_kdf() библиотеки libssh, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2025-07645
Уязвимость функции sftp_decode_channel_data_to_packet() библиотеки libssh, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-09008
Уязвимость функции sftp_handle() библиотеки LibSSH, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2025-08-20
CVE-2025-4877
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.
Modified: 2025-07-29
CVE-2025-4878
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.
Modified: 2025-08-21
CVE-2025-5318
A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
Modified: 2025-08-22
CVE-2025-5351
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.
Modified: 2025-08-22
CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
Modified: 2025-08-14
CVE-2025-5449
A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.
- https://access.redhat.com/security/cve/CVE-2025-5449
- https://bugzilla.redhat.com/show_bug.cgi?id=2369705
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=261612179f740bc62ba363d98b3bd5e5573a811f
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d6aab9282afc80a81df5ab72c4da
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=5504ff40515439a5fecbb17da7483000c4d12eb7
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=78485f446af9b30e37eb8f177b81940710d54496
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb
- https://www.libssh.org/security/advisories/CVE-2025-5449.txt
Modified: 2025-08-22
CVE-2025-5987
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
Closed vulnerabilities
BDU:2025-06642
Уязвимость реализации протокола SIP системы управления IP-телефонией Asterisk позволяющая нарушителю проводить фишинг-атаки
Modified: 2025-08-25
CVE-2025-47779
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.
Modified: 2025-08-25
CVE-2025-47780
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.
Modified: 2025-08-25
CVE-2025-49832
Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken /verification.c` that can be exploited when an attacker can set an arbitrary Identity header, or STIR/SHAKEN is enabled, with verification set in the SIP profile associated with the endpoint to be attacked. This is fixed in versions 18.26.3, 20.7-cert6, 20.15.1, 21.10.1 and 22.5.1.
Package aarch64-none-elf-binutils updated to version 2.45-alt1 for branch p11 in task 393696.
Closed vulnerabilities
BDU:2025-03384
Уязвимость компонента objdump.c программного средства разработки GNU Binutils, позволяющая нарушителю выполнить произвольный код
Modified: 2025-03-04
CVE-2025-0840
A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.
- https://sourceware.org/bugzilla/attachment.cgi?id=15882
- https://sourceware.org/bugzilla/show_bug.cgi?id=32560
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=baac6c221e9d69335bf41366a1c7d87d8ab2f893
- https://vuldb.com/?ctiid.293997
- https://vuldb.com/?id.293997
- https://vuldb.com/?submit.485255
- https://www.gnu.org/
Package arm-none-eabi-binutils updated to version 2.45-alt1 for branch p11 in task 393697.
Closed vulnerabilities
BDU:2025-03384
Уязвимость компонента objdump.c программного средства разработки GNU Binutils, позволяющая нарушителю выполнить произвольный код
Modified: 2025-03-04
CVE-2025-0840
A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.
- https://sourceware.org/bugzilla/attachment.cgi?id=15882
- https://sourceware.org/bugzilla/show_bug.cgi?id=32560
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=baac6c221e9d69335bf41366a1c7d87d8ab2f893
- https://vuldb.com/?ctiid.293997
- https://vuldb.com/?id.293997
- https://vuldb.com/?submit.485255
- https://www.gnu.org/
Package riscv32-none-elf-binutils updated to version 2.45-alt1 for branch p11 in task 394102.
Closed vulnerabilities
Modified: 2025-04-04
CVE-2025-1153
A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.
- https://sourceware.org/bugzilla/show_bug.cgi?id=32603
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150
- https://vuldb.com/?ctiid.295057
- https://vuldb.com/?id.295057
- https://vuldb.com/?submit.489991
- https://www.gnu.org/
- https://security.netapp.com/advisory/ntap-20250404-0005/
Modified: 2025-05-15
CVE-2025-3198
A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
- https://sourceware.org/bugzilla/show_bug.cgi?id=32716
- https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d
- https://vuldb.com/?ctiid.303151
- https://vuldb.com/?id.303151
- https://vuldb.com/?submit.545773
- https://www.gnu.org/
- https://sourceware.org/bugzilla/show_bug.cgi?id=32716
Modified: 2025-08-01
CVE-2025-8224
A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.
- https://sourceware.org/bugzilla/attachment.cgi?id=15680
- https://sourceware.org/bugzilla/show_bug.cgi?id=32109
- https://sourceware.org/bugzilla/show_bug.cgi?id=32109#c2
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db856d41004301b3a56438efd957ef5cabb91530
- https://vuldb.com/?ctiid.317812
- https://vuldb.com/?id.317812
- https://vuldb.com/?submit.621878
- https://www.gnu.org/
Modified: 2025-08-01
CVE-2025-8225
A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.