ALT-BU-2025-3952-1
Branch sisyphus_riscv64 update bulletin.
Package ruby updated to version 3.3.7-alt1.1 for branch sisyphus_riscv64.
Closed bugs
Добавляет несуществующий каталог в $PATH
Package plasma-welcome updated to version 6.3.2-alt3 for branch sisyphus_riscv64.
Closed bugs
Склеены слова в окне информации по Krunner из plasma5-welcome
Package admc updated to version 0.19.0-alt1 for branch sisyphus_riscv64.
Closed bugs
Ошибки в журнале изменений (changelog)
Package tinyxml updated to version 2.6.2-alt2 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2022-06895
Уязвимость функции TiXmlParsingData::Stamp компонента tinyxmlparser.cpp XML-парсера TinyXML, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-00003
Уязвимость функции TiXmlDeclaration::Parse() компонента tinyxmlparser.cpp XML-парсера TinyXML, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-42260
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.
- [debian-lts-announce] 20220430 [SECURITY] [DLA 2988-1] tinyxml security update
- [debian-lts-announce] 20220430 [SECURITY] [DLA 2988-1] tinyxml security update
- [debian-lts-announce] 20220930 [SECURITY] [DLA 3130-1] tinyxml security update
- [debian-lts-announce] 20220930 [SECURITY] [DLA 3130-1] tinyxml security update
- FEDORA-2024-80e6578a01
- FEDORA-2024-80e6578a01
- FEDORA-2024-c9dc0ac419
- FEDORA-2024-c9dc0ac419
- https://sourceforge.net/p/tinyxml/bugs/141/
- https://sourceforge.net/p/tinyxml/bugs/141/
Modified: 2024-11-21
CVE-2023-34194
StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.
- [debian-lts-announce] 20231230 [SECURITY] [DLA 3701-1] tinyxml security update
- FEDORA-2024-80e6578a01
- FEDORA-2024-c9dc0ac419
- https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp
- https://www.forescout.com/resources/sierra21-vulnerabilities
- [debian-lts-announce] 20231230 [SECURITY] [DLA 3701-1] tinyxml security update
- https://www.forescout.com/resources/sierra21-vulnerabilities
- https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp
- FEDORA-2024-c9dc0ac419
- FEDORA-2024-80e6578a01
Package iperf3 updated to version 3.18.1-alt2 for branch sisyphus_riscv64.
Closed bugs
iperf3-3.18.1 собран из исходных кодов 3.8.1
Package gtklock updated to version 4.0.0-alt1.git.15.g17b004d for branch sisyphus_riscv64.
Closed bugs
Прошу обновить пакет gtklock
Package opensc updated to version 0.26.1-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2024-11086
Уязвимость утилиты персонализации смарт-карт pkcs15-init и библиотеки libopensc набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации
BDU:2024-11087
Уязвимость утилиты персонализации смарт-карт pkcs15-init набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2024-11088
Уязвимость утилиты персонализации смарт-карт pkcs15-init и библиотеки libopensc набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2024-11091
Уязвимость утилиты персонализации смарт-карт pkcs15-init набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2024-11092
Уязвимость утилиты персонализации смарт-карт pkcs15-init и библиотеки libopensc набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2024-11093
Уязвимость утилиты персонализации смарт-карт pkcs15-init и библиотеки libopensc набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Modified: 2024-09-13
CVE-2024-45615
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).
Modified: 2024-09-13
CVE-2024-45616
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.
Modified: 2024-09-13
CVE-2024-45617
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
Modified: 2024-09-13
CVE-2024-45618
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
Modified: 2024-09-24
CVE-2024-45619
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
Modified: 2024-09-19
CVE-2024-45620
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.