ALT Linux Team

Branch sisyphus update on 2014-09-14

2014-09-14

ALT-BU-2014-2982-2

Branch sisyphus update bulletin.

ALT-PU-2014-2136-1

Package libkeybinder updated to version 0.3.0-alt2.git20120617 for branch sisyphus in task 130167.

Closed bugs

Bug #27509

module is installed into wrong directory

ALT-PU-2014-2137-1

Package lua5 updated to version 5.1.5-alt1 for branch sisyphus in task 130180.

Closed vulnerabilities

Published: 2015-04-28
Modified: 2017-11-08

BDU:2015-04141

Уязвимость функционала для работ с аргументами переменной длины vararg интерпретатора скриптов Lua, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2015-04-28
Modified: 2017-11-08

BDU:2015-04142

Уязвимость функционала для работ с аргументами переменной длины vararg интерпретатора скриптов Lua, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-09-04
Modified: 2025-04-12

CVE-2014-5461

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:

ALT-PU-2014-2138-2

Package phpMyAdmin updated to version 4.2.8.1-alt1 for branch sisyphus in task 130195.

Closed vulnerabilities

Published: 2014-11-08
Modified: 2025-04-12

CVE-2014-6300

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
References:
Published: 2022-05-14
Modified: 2023-08-16

GHSA-6wfj-2mw7-p5cg

phpMyAdmin micro history Implementation XSS Vulnerability

References:

ALT-PU-2014-3192-2

Package apache-commons-fileupload updated to version 1.3-alt1_4jpp7 for branch sisyphus in task 129933.

Closed vulnerabilities

Published: 2013-03-15
Modified: 2026-04-29

CVE-2013-0248

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.

Severity: LOW (3.3)Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P
References:
Published: 2022-05-05
Modified: 2022-07-08

GHSA-vm69-474v-7q2w

Incorrect Default Permissions in Apache Commons FileUpload

References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top