Bug 13955

Summary:	[CVE 21] usbredir 0.8.0 CVEs found
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Yury <y.tumanov>
Component:	System (kernel, glibc, systemd, bash, PAM...)	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	normal
Priority:	Normal	CC:	a.proklov, e.kosachev, pastordidi, s.matveev, v.potapov, y.tumanov
Version:	All	Flags:	v.potapov: qa_verified+ e.kosachev: secteam_verified+ a.proklov: published+
Target Milestone:	---
Hardware:	All
OS:	Linux
URL:	CVE-2021-3700,
Whiteboard:
Platform:	2021.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Yury 2023-10-18 20:32:01 MSK

Please patch CVEs for package usbredir version 0.8.0
  
INFO (CVEs are): usbredir 0.8.0
 cves found
CVE-2021-3700
Desc: A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-3700
Severity: MEDIUM

Comment 1 Aleksandr Proklov 2023-11-16 08:06:47 MSK

Уязвимость закрыта патчем

usbredir	0.8.0-4

https://abf.io/build_lists/4825793
https://abf.io/build_lists/4825794
https://abf.io/build_lists/4825795
https://abf.io/build_lists/4825796
https://abf.io/build_lists/4825797

Comment 2 Dmitry Postnikov 2023-11-21 22:28:39 MSK

*****************************
Обновление отослано в Тестинг

Comment 3 Vladimir Potapov 2023-12-04 18:09:53 MSK

usbredir-0.8.0-4
https://abf.io/build_lists/4825793
https://abf.io/build_lists/4825794
https://abf.io/build_lists/4825795
https://abf.io/build_lists/4825796
https://abf.io/build_lists/4825797
******************************* Advisory **************************
CVE-2021-3700 closed
*******************************************************************
QA Verified

Comment 4 Eduard 2024-07-01 17:14:01 MSK

*******************************************************
Secteam_verified
*******************************************************
https://abf.rosalinux.ru/advisories/ROSA-SA-2024-2442
*******************************************************