ALT-BU-2019-3821-2

Branch sisyphus update bulletin.

Package cinnamon-meta updated to version 4.2.0-alt2 for branch sisyphus in task 234652.

Не отображается иконка Показать миниатюры

Package kernel-image-std-debug updated to version 4.19.59-alt1 for branch sisyphus in task 234653.

Уязвимость функции mwifiex_update_bss_desc_with_ie ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии, вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: HIGH (8.3)Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2019-3846

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.

Severity: HIGH (8.3)Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package kernel-image-std-pae updated to version 4.19.59-alt1 for branch sisyphus in task 234660.

Severity: HIGH (8.8)Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: HIGH (8.3)Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2019-3846

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.

Severity: HIGH (8.3)Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package kernel-image-std-def updated to version 4.19.59-alt1 for branch sisyphus in task 234655.

Severity: HIGH (8.8)Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: HIGH (8.3)Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2019-3846

Уязвимость функции mwifiex_uap_parse_tail_ies ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2019-10126

A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.

Severity: HIGH (8.3)Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package kernel-image-un-def updated to version 5.1.18-alt1 for branch sisyphus in task 234662.

Severity: HIGH (8.8)Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: HIGH (8.3)Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2019-3846

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2019-10126

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.

Severity: HIGH (8.3)Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package fritzing updated to version 0.9.3b.0.31.git701e3a3-alt5 for branch sisyphus in task 234682.

Некорректно отображается пункт программы в меню xfce: значения полей Comment и GenericName на английском

Package pidgin updated to version 2.13.0-alt6 for branch sisyphus in task 234688.

Некорректно отображается пункт программы в меню xfce: комментарий на английском, нет названия программы

Package python-module-django updated to version 1.11.22-alt2 for branch sisyphus in task 234615.

Уязвимость библиотеки Django для языка программирования Python, позволяющая нарушителю нарушить целостность защищаемой информации

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

CVE-2019-3498

Уязвимость компонента django.http.HttpRequest.scheme библиотеки Django для языка программирования Python, позволяющая нарушителю получить доступ к защищаемой информации

Severity: MEDIUM (5.3)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

CVE-2019-12781

Уязвимость функции AdminURLFieldWidget фреймворка для веб-разработки Django, связанная с отсутствием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных

Severity: MEDIUM (4.7)Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

CVE-2019-12308

Уязвимость функции django.utils.numberformat.format() фреймворка для веб-разработки Django, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2019-6975

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: MEDIUM (6.1)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: MEDIUM (5.3)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: MEDIUM (6.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Improper Input Validation in Django

Severity: HIGH (7.1)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: HIGH (7.1)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

References:

Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

References:

Django Cross-site Scripting in AdminURLFieldWidget

Severity: MEDIUM (5.3)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: MEDIUM (5.3)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

References:

Uncontrolled Memory Consumption in Django

Severity: HIGH (8.7)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (8.7)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References:

Version: 2.1.2

ALT-BU-2019-3821-2

Closed bugs

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed bugs

Closed bugs

Closed vulnerabilities