moderate: vorbis-tools/python-pynacl security update
moderate
An update for vorbis-tools/python-pynacl is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
vorbis-tools:
python-pynacl:
Security Fix(es):
vorbis-tools: A buffer overflow vulnerability was found in vorbis-tools. This flaw allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of WAV files to OGG files.(CVE-2023-43361)
vorbis-tools: bugfix
python-pynacl: A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.(CVE-2023-48795)
python-pynacl: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.