Category Archives: Advisories

llvm-test-suite-18.1.8-3.fc40

FEDORA-2024-300397332b

Packages in this update:

llvm-test-suite-18.1.8-3.fc40

Update description:

Remove ClamAV subdirectory because of viruses in input files:

These were the findings:

MultiSource/Applications/ClamAV/inputs/rtf-test/rtf1.rtf: Eicar-Signature
MultiSource/Applications/ClamAV/inputs/clam.zip: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/docCLAMexe.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc11.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc1.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.cab: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc2.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.exe.bz2: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/doc3.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.exe: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc22.rtf: Clamav.Test.File-6

Remove broken links in source tarball

Before, it wasn’t possible to pass -DTEST_SUITE_SUBDIRS=CTMark to cmake
when configuring the llvm-test-suite:

-- Adding directory CTMark
CMake Error at CTMark/CMakeLists.txt:1 (add_subdirectory):
add_subdirectory given source "7zip" which is not an existing directory.

CMake Error at CTMark/CMakeLists.txt:5 (add_subdirectory):
add_subdirectory given source "lencod" which is not an existing directory.

The llvm-test-suite command script pkg_test_suite.sh removes
directories with BAD or unreviewed licenses. Currently this leaves at
least two directories in a broken state:

/usr/share/llvm-test-suite/CTMark/7zip -> ../MultiSource/Benchmarks/7zip
/usr/share/llvm-test-suite/CTMark/lencod -> ../MultiSource/Applications/JM/lencod

In both cases the link target is non-existent.

Therefore I find any broken symbolic links, remove them and adapt the
CMakeLists.txt to not have the add_subdirectory(broken_link) entry in
it. Here’s an excerpt of what the pkg_test_suite.sh script shows when
running as a proof of the work it does now.

++ find test-suite-19.1.0.src -type l '!' -exec test -e '{}' ';' -print
+ broken_symlinks='test-suite-19.1.0.src/CTMark/7zip
test-suite-19.1.0.src/CTMark/lencod'
+ for f in $broken_symlinks
+ test -L test-suite-19.1.0.src/CTMark/7zip
+ rm -fv test-suite-19.1.0.src/CTMark/7zip
removed ‘test-suite-19.1.0.src/CTMark/7zip’
++ dirname test-suite-19.1.0.src/CTMark/7zip
+ basedir=test-suite-19.1.0.src/CTMark
++ basename test-suite-19.1.0.src/CTMark/7zip
+ dir=7zip
+ cmake_file=test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ test -f test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ sed -i 's/add_subdirectory(7zip)//g' test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ for f in $broken_symlinks
+ test -L test-suite-19.1.0.src/CTMark/lencod
+ rm -fv test-suite-19.1.0.src/CTMark/lencod
removed ‘test-suite-19.1.0.src/CTMark/lencod’
++ dirname test-suite-19.1.0.src/CTMark/lencod
+ basedir=test-suite-19.1.0.src/CTMark
++ basename test-suite-19.1.0.src/CTMark/lencod
+ dir=lencod
+ cmake_file=test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ test -f test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ sed -i 's/add_subdirectory(lencod)//g' test-suite-19.1.0.src/CTMark/CMakeLists.txt

llvm-test-suite-19.1.0-4.fc41

FEDORA-2024-6d9aba8c3c

Packages in this update:

llvm-test-suite-19.1.0-4.fc41

Update description:

Remove ClamAV subdirectory because of viruses in input files:

These were the findings:

MultiSource/Applications/ClamAV/inputs/rtf-test/rtf1.rtf: Eicar-Signature
MultiSource/Applications/ClamAV/inputs/clam.zip: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/docCLAMexe.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc11.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc1.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.cab: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc2.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.exe.bz2: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/doc3.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.exe: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc22.rtf: Clamav.Test.File-6

Remove broken links in source tarball

Before, it wasn’t possible to pass -DTEST_SUITE_SUBDIRS=CTMark to cmake
when configuring the llvm-test-suite:

-- Adding directory CTMark
CMake Error at CTMark/CMakeLists.txt:1 (add_subdirectory):
add_subdirectory given source "7zip" which is not an existing directory.

CMake Error at CTMark/CMakeLists.txt:5 (add_subdirectory):
add_subdirectory given source "lencod" which is not an existing directory.

The llvm-test-suite command script pkg_test_suite.sh removes
directories with BAD or unreviewed licenses. Currently this leaves at
least two directories in a broken state:

/usr/share/llvm-test-suite/CTMark/7zip -> ../MultiSource/Benchmarks/7zip
/usr/share/llvm-test-suite/CTMark/lencod -> ../MultiSource/Applications/JM/lencod

In both cases the link target is non-existent.

Therefore I find any broken symbolic links, remove them and adapt the
CMakeLists.txt to not have the add_subdirectory(broken_link) entry in
it. Here’s an excerpt of what the pkg_test_suite.sh script shows when
running as a proof of the work it does now.

++ find test-suite-19.1.0.src -type l '!' -exec test -e '{}' ';' -print
+ broken_symlinks='test-suite-19.1.0.src/CTMark/7zip
test-suite-19.1.0.src/CTMark/lencod'
+ for f in $broken_symlinks
+ test -L test-suite-19.1.0.src/CTMark/7zip
+ rm -fv test-suite-19.1.0.src/CTMark/7zip
removed ‘test-suite-19.1.0.src/CTMark/7zip’
++ dirname test-suite-19.1.0.src/CTMark/7zip
+ basedir=test-suite-19.1.0.src/CTMark
++ basename test-suite-19.1.0.src/CTMark/7zip
+ dir=7zip
+ cmake_file=test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ test -f test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ sed -i 's/add_subdirectory(7zip)//g' test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ for f in $broken_symlinks
+ test -L test-suite-19.1.0.src/CTMark/lencod
+ rm -fv test-suite-19.1.0.src/CTMark/lencod
removed ‘test-suite-19.1.0.src/CTMark/lencod’
++ dirname test-suite-19.1.0.src/CTMark/lencod
+ basedir=test-suite-19.1.0.src/CTMark
++ basename test-suite-19.1.0.src/CTMark/lencod
+ dir=lencod
+ cmake_file=test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ test -f test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ sed -i 's/add_subdirectory(lencod)//g' test-suite-19.1.0.src/CTMark/CMakeLists.txt

USN-7048-2: Vim vulnerability

USN-7048-1 fixed a vulnerability in Vim. This update provides the
corresponding update for Ubuntu 14.04 LTS.

Original advisory details:

Suyue Guo discovered that Vim incorrectly handled memory when flushing the
typeahead buffer, leading to heap-buffer-overflow. An attacker could
possibly use this issue to cause a denial of service.

USN-7070-1: libarchive vulnerabilities

It was discovered that libarchive mishandled certain memory checks,
which could result in a NULL pointer dereference. An attacker could
potentially use this issue to cause a denial of service. This issue
only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-36227)

It was discovered that libarchive mishandled certain memory operations,
which could result in an out-of-bounds memory access. An attacker could
potentially use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-48957, CVE-2024-48958)

USN-7038-2: APR vulnerability

USN-7038-1 fixed a vulnerability in Apache Portable Runtime (APR) library.
This update provides the corresponding update for Ubuntu 14.04 LTS.

Original advisory details:

Thomas Stangner discovered a permission vulnerability in the Apache
Portable Runtime (APR) library. A local attacker could possibly use this
issue to read named shared memory segments, potentially exposing sensitive
application data.

USN-7069-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– x86 architecture;
– Cryptographic API;
– CPU frequency scaling framework;
– HW tracing;
– ISDN/mISDN subsystem;
– Media drivers;
– Network drivers;
– NVME drivers;
– S/390 drivers;
– SCSI drivers;
– USB subsystem;
– VFIO drivers;
– Watchdog drivers;
– JFS file system;
– IRQ subsystem;
– Core kernel;
– Memory management;
– Amateur Radio drivers;
– IPv4 networking;
– IPv6 networking;
– IUCV driver;
– Network traffic control;
– TIPC protocol;
– XFRM subsystem;
– Integrity Measurement Architecture (IMA) framework;
– SoC Audio for Freescale CPUs drivers;
– USB sound devices;
(CVE-2024-36971, CVE-2024-42271, CVE-2024-38630, CVE-2024-38602,
CVE-2024-42223, CVE-2024-44940, CVE-2023-52528, CVE-2024-41097,
CVE-2024-27051, CVE-2024-42157, CVE-2024-46673, CVE-2024-39494,
CVE-2024-42089, CVE-2024-41073, CVE-2024-26810, CVE-2024-26960,
CVE-2024-38611, CVE-2024-31076, CVE-2024-26754, CVE-2023-52510,
CVE-2024-40941, CVE-2024-45016, CVE-2024-38627, CVE-2024-38621,
CVE-2024-39487, CVE-2024-27436, CVE-2024-40901, CVE-2024-26812,
CVE-2024-42244, CVE-2024-42229, CVE-2024-43858, CVE-2024-42280,
CVE-2024-26641, CVE-2024-42284, CVE-2024-26602)

python-fastapi-0.111.1-7.fc40 python-openapi-core-0.19.4-3.fc40 python-platformio-6.1.14-7.fc40 python-starlette-0.40.0-1.fc40

FEDORA-2024-f1615b58e6

Packages in this update:

python-fastapi-0.111.1-7.fc40
python-openapi-core-0.19.4-3.fc40
python-platformio-6.1.14-7.fc40
python-starlette-0.40.0-1.fc40

Update description:

Security fix for CVE-2024-47874.

Starlette 0.40.0 (October 15, 2024)

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory:
GHSA-f96h-pmfr-66vw

Fixed

Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data
requests fd038f3.

python-fastapi-0.115.2-1.fc41 python-openapi-core-0.19.4-4.fc41 python-platformio-6.1.14-7.fc41 python-starlette-0.40.0-1.fc41

FEDORA-2024-05dedb1a53

Packages in this update:

python-fastapi-0.115.2-1.fc41
python-openapi-core-0.19.4-4.fc41
python-platformio-6.1.14-7.fc41
python-starlette-0.40.0-1.fc41

Update description:

Security fix for CVE-2024-47874.

Starlette 0.40.0 (October 15, 2024)

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory:
GHSA-f96h-pmfr-66vw

Fixed

Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data
requests fd038f3.

FastAPI 0.115.2

https://github.com/fastapi/fastapi/releases/tag/0.115.2
https://github.com/fastapi/fastapi/releases/tag/0.115.1
