ALT-BU-2019-3608-1
Branch sisyphus update bulletin.
Package qt-creator updated to version 4.9.0-alt1 for branch sisyphus in task 227206.
Closed bugs
Update qt-creator
Closed bugs
radare2-3.3.0-alt1 builds and provides its own old bundled copy of liblz4
Package kernel-image-std-def updated to version 4.19.34-alt1 for branch sisyphus in task 227171.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-11810
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.
- openSUSE-SU-2019:1924
- openSUSE-SU-2019:1923
- 108286
- RHSA-2019:1959
- RHSA-2019:1971
- RHSA-2019:2029
- RHSA-2019:2043
- RHSA-2019:2736
- RHSA-2019:2837
- RHSA-2019:3217
- RHSA-2020:0036
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.7
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bcf3b67d16a4c8ffae0aa79de5853435e683945c
- https://github.com/torvalds/linux/commit/bcf3b67d16a4c8ffae0aa79de5853435e683945c
- [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
- https://security.netapp.com/advisory/ntap-20190719-0003/
- https://support.f5.com/csp/article/K50484570
- USN-4005-1
- USN-4008-1
- USN-4008-3
- USN-4115-1
- USN-4118-1
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-11215
In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during upgrade; in certain cases, an error during modification of the file from the web interface leaves the file writable (can be triggered with XSS); a race condition can be triggered by the hub-connector module (community version only from 2.4.1 to 2.6.0); or editing the file in a CLI.
Modified: 2024-11-21
CVE-2019-13965
Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any XSS sent to the administrator can be transformed to remote command execution because of CVE-2018-10642 (still working through 2.6.0). The Reflective XSS can also become a stored XSS within the same account because of another vulnerability.
Modified: 2024-11-21
CVE-2019-13966
In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).
Modified: 2024-11-21
CVE-2019-13967
iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.php&operation=compile URI. This only affects the community version.
Closed bugs
musescore-2.3.2-alt1 builds a bundled copy of libfreetype
The musescore build is broken
Closed bugs
Update screen