ALT Linux Team

Branch sisyphus update on 2018-03-21

2018-03-21

ALT-BU-2018-3146-1

Branch sisyphus update bulletin.

ALT-PU-2018-1454-1

Package calibre updated to version 3.19.0-alt1 for branch sisyphus in task 202546.

Closed vulnerabilities

Published: 2018-03-09
Modified: 2024-11-21

CVE-2018-7889

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:

ALT-PU-2018-1455-1

Package phpMyAdmin updated to version 4.7.9-alt1 for branch sisyphus in task 202553.

Closed vulnerabilities

Published: 2018-02-21
Modified: 2024-11-21

CVE-2018-7260

Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Severity: MEDIUM (5.4) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References:

ALT-PU-2018-1458-1

Package llvm4.0 updated to version 4.0.1-alt3.rel for branch sisyphus in task 202575.

Closed bugs

Bug #34662

Конфликт с пакетом llvm4

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top