ALT Linux Team

Branch sisyphus update on 2019-05-24

2019-05-24

ALT-BU-2019-3678-1

Branch sisyphus update bulletin.

ALT-PU-2019-1895-1

Package freecad updated to version 0.18.2-alt2 for branch sisyphus in task 229699.

Closed bugs

Bug #36762

Два значка запуска

ALT-PU-2019-1897-1

Package nss updated to version 3.44.0-alt1 for branch sisyphus in task 229876.

Closed vulnerabilities

Published: 2021-01-14
Modified: 2023-11-21

BDU:2021-00100

Уязвимость набора криптографических библиотек NSS, связанная с неправильным подтверждением подлинности сертификата, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2020-10-22
Modified: 2024-11-21

CVE-2019-17007

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2019-1902-1

Package libidn2 updated to version 2.2.0-alt1 for branch sisyphus in task 229970.

Closed vulnerabilities

Published: 2020-04-06
Modified: 2024-04-27

BDU:2020-01339

Уязвимость компонента RFC3490 библиотеки Libidn2, позволяющая нарушителю создать вредоносный домен, который соответствует целевому домену

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
References:
Published: 2019-10-22
Modified: 2024-11-21

CVE-2019-12290

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top