2018-03-30
ALT-BU-2018-3169-1
Branch p8 update bulletin.
Closed vulnerabilities
Published: 2018-07-27
BDU:2019-04067
A vulnerability in the sysdb_search_user_by_upn_res() function of sssd, the service for managing access to remote directories and authentication mechanisms, allows an attacker to gain unauthorized access to protected information
Severity: MEDIUM (6.5)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM (6.8)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
References:
Published: 2018-07-27
Modified: 2024-11-21
CVE-2017-12173
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.
Severity: MEDIUM (4.0)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Severity: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- https://access.redhat.com/errata/RHSA-2017:3379
- https://access.redhat.com/errata/RHSA-2018:1877
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173
Closed bugs
QupZilla version. A backport from Sisyphus is needed.