ALT Linux Team

Branch sisyphus update on 2017-11-12

2017-11-12

ALT-BU-2017-3496-2

Branch sisyphus update bulletin.

ALT-PU-2017-2626-1

Package make-initrd updated to version 2.0.5-alt1 for branch sisyphus in task 194078.

Closed bugs

Bug #33712

/init: 18: /init: arithmetic expression: expecting EOF: "15"*10"

Bug #34117

unbound variables cpu_vendor cpu_family

ALT-PU-2017-2627-1

Package libwebkitgtk4 updated to version 2.18.3-alt1 for branch sisyphus in task 194085.

Closed vulnerabilities

Published: 2017-11-13
Modified: 2025-04-20

CVE-2017-13788

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2017-11-13
Modified: 2025-04-20

CVE-2017-13798

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2017-11-13
Modified: 2025-04-20

CVE-2017-13803

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:

ALT-PU-2017-2628-1

Package python-module-PyQt5 updated to version 5.9-alt4 for branch sisyphus in task 194117.

Closed bugs

Bug #34170

Пакет не дособран

ALT-PU-2017-3595-1

Package apache-commons-fileupload updated to version 1.3.3-alt1_2jpp8 for branch sisyphus in task 193833.

Closed vulnerabilities

Published: 2018-12-13
Modified: 2021-03-23

BDU:2018-01429

Уязвимость класса DiskFileItem библиотеки Apache Commons FileUpload, позволяющая нарушителю выполнить произвольный код или осуществить манипулирование файлами в целевой системе

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2016-10-25
Modified: 2025-04-12

CVE-2016-1000031

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top