ALT-BU-2019-3668-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2023-01681
Уязвимость метода init() универсальной системы мониторинга Zabbix, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2023-01720
Уязвимость универсальной системы мониторинга Zabbix, связанная с неправильным присвоением разрешений для критичного ресурса, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2023-02341
Уязвимость реализации сценариев api_jsonrpc.php и index.php универсальной системы мониторинга Zabbix, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-11-21
CVE-2019-15132
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.
- [debian-lts-announce] 20210421 [SECURITY] [DLA 2631-1] zabbix security update
- [debian-lts-announce] 20210421 [SECURITY] [DLA 2631-1] zabbix security update
- [debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update
- [debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update
- https://support.zabbix.com/browse/ZBX-16532
- https://support.zabbix.com/browse/ZBX-16532
Modified: 2024-11-21
CVE-2020-15803
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
- openSUSE-SU-2020:1604
- openSUSE-SU-2020:1604
- [debian-lts-announce] 20200803 [SECURITY] [DLA 2311-1] zabbix security update
- [debian-lts-announce] 20200803 [SECURITY] [DLA 2311-1] zabbix security update
- [debian-lts-announce] 20210421 [SECURITY] [DLA 2631-1] zabbix security update
- [debian-lts-announce] 20210421 [SECURITY] [DLA 2631-1] zabbix security update
- [debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update
- [debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update
- FEDORA-2020-02cf7850ca
- FEDORA-2020-02cf7850ca
- FEDORA-2020-519516feec
- FEDORA-2020-519516feec
- https://support.zabbix.com/browse/ZBX-18057
- https://support.zabbix.com/browse/ZBX-18057
Modified: 2024-11-21
CVE-2021-27927
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init() method. An attacker doesn't have to know Zabbix user login credentials, but has to know the correct Zabbix URL and contact information of an existing user with sufficient privileges.
Modified: 2024-11-21
CVE-2022-23132
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level
Package firmware-intel-ucode updated to version 9-alt1.20190514 for branch sisyphus in task 229647.
Closed vulnerabilities
BDU:2019-01957
Уязвимость процессоров Intel, связанная с микроархитектурной выборкой данных некэшируемой памяти (MDSUM), позволяющая нарушителю раскрыть защищаемую информацию
BDU:2019-01958
Уязвимость порта загрузки MLPDS микропрограммного обеспечения Intel, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальной информации
BDU:2019-01959
Уязвимость процессоров Intel, связанная с восстановлением содержимого буферов заполнения (MFBDS), позволяющая нарушителю раскрыть защищаемую информацию
BDU:2019-01960
Уязвимость буфера данных MSBDS микропрограммного обеспечения Intel, позволяющая нарушителю получить доступ к конфиденциальной информации
Modified: 2024-11-21
CVE-2018-12126
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- openSUSE-SU-2019:1805
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- RHSA-2019:1455
- RHSA-2019:1455
- RHSA-2019:2553
- RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- FEDORA-2019-1f5832fc0e
- FEDORA-2019-1f5832fc0e
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- FreeBSD-SA-19:26
- FreeBSD-SA-19:26
- GLSA-202003-56
- GLSA-202003-56
- USN-3977-3
- USN-3977-3
- DSA-4602
- DSA-4602
- FreeBSD-SA-19:07
- FreeBSD-SA-19:07
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.synology.com/security/advisory/Synology_SA_19_24
Modified: 2024-11-21
CVE-2018-12127
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- openSUSE-SU-2019:1805
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- RHSA-2019:1455
- RHSA-2019:1455
- RHSA-2019:2553
- RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- FEDORA-2019-1f5832fc0e
- FEDORA-2019-1f5832fc0e
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- FreeBSD-SA-19:26
- FreeBSD-SA-19:26
- GLSA-202003-56
- GLSA-202003-56
- USN-3977-3
- USN-3977-3
- DSA-4602
- DSA-4602
- FreeBSD-SA-19:07
- FreeBSD-SA-19:07
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.synology.com/security/advisory/Synology_SA_19_24
Modified: 2024-11-21
CVE-2018-12130
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- openSUSE-SU-2019:1805
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- RHSA-2019:1455
- RHSA-2019:1455
- RHSA-2019:2553
- RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- FEDORA-2019-1f5832fc0e
- FEDORA-2019-1f5832fc0e
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- FreeBSD-SA-19:26
- FreeBSD-SA-19:26
- GLSA-202003-56
- GLSA-202003-56
- USN-3977-3
- USN-3977-3
- DSA-4602
- DSA-4602
- FreeBSD-SA-19:07
- FreeBSD-SA-19:07
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.synology.com/security/advisory/Synology_SA_19_24
Modified: 2024-11-21
CVE-2019-11091
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- openSUSE-SU-2019:1805
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- RHSA-2019:1455
- RHSA-2019:1455
- RHSA-2019:2553
- RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- FEDORA-2019-1f5832fc0e
- FEDORA-2019-1f5832fc0e
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- GLSA-202003-56
- GLSA-202003-56
- USN-3977-3
- USN-3977-3
- DSA-4602
- DSA-4602
- FreeBSD-SA-19:07
- FreeBSD-SA-19:07
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.synology.com/security/advisory/Synology_SA_19_24
Closed bugs
не удаляет некоторые лишние строчки
добавить возможность добавить архив
apt-repo can't rm p8 (uncommented from apt-conf-branch)
sh: -c: line 0: syntax error near unexpected token `<'
Возможность dry run