ALT-BU-2018-3489-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-17336
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.
Package qt5-webkit updated to version 5.212.0-alt8 for branch sisyphus in task 213569.
Closed bugs
Incorrect paths in the .pc file
Package qt5-x11extras updated to version 5.11.2-alt1 for branch sisyphus in task 213569.
Closed bugs
Mail.ru Cloud client requires qt5-x11extras
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-1000810
The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in the standard library that can result in a buffer overflow. This attack appears to be exploitable via str::repeat, which, when passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1.
- https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html
- https://groups.google.com/forum/#%21topic/rustlang-security-announcements/CmSuTm-SaU0
- GLSA-201812-11
Closed vulnerabilities
BDU:2020-04922
Vulnerability in the MediaWiki hypertext environment software related to flaws in the authentication procedure, allowing an attacker to bypass a CentralAuth account lock
BDU:2020-04924
Vulnerability in the MediaWiki hypertext environment software related to insecure privilege management, allowing an attacker to affect the integrity of protected information
Modified: 2024-11-21
CVE-2018-0503
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.
- 1041695
- RHSA-2019:3142
- RHSA-2019:3238
- RHSA-2019:3813
- [wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1
- https://phabricator.wikimedia.org/T169545
- DSA-4301
Modified: 2024-11-21
CVE-2018-0504
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid
- 1041695
- RHSA-2019:3238
- RHSA-2019:3813
- [wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1
- https://phabricator.wikimedia.org/T187638
- DSA-4301
Modified: 2024-11-21
CVE-2018-0505
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock
- 1041695
- RHSA-2019:3142
- RHSA-2019:3238
- RHSA-2019:3813
- [wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1
- https://phabricator.wikimedia.org/T194605
- DSA-4301
Modified: 2024-11-21
CVE-2018-1325
In Apache wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display.
Package plasma5-workspace updated to version 5.12.7-alt1 for branch sisyphus in task 213748.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-6791
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.
Closed bugs
kde5/plasma: the context menu in the system tray is built incorrectly
Package plasma5-desktop updated to version 5.12.7-alt1 for branch sisyphus in task 213748.
Closed bugs
QT4 settings are not saved
Package plasma5-kwallet-pam updated to version 5.12.7-alt1 for branch sisyphus in task 213748.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-10380
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.
- https://bugzilla.suse.com/show_bug.cgi?id=1090863
- https://commits.kde.org/kwallet-pam/01d4143fda5bddb6dca37b23304dc239a5fb38b5
- https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0
- https://commits.kde.org/kwallet-pam/802f305d81f8771c4f4a8bd7fd0e368ffc6f9b3b
- https://commits.kde.org/kwallet-pam/99abc7fde21f40cc6da5feb6ee766cc46fcca1f8
- DSA-4200
- https://www.kde.org/info/security/advisory-20180503-1.txt
Closed bugs
Integration with sddm does not work
Package plasma5-breeze-gtk updated to version 5.12.7-alt1 for branch sisyphus in task 213748.
Closed bugs
Does not display test results