ALT-BU-2019-3837-1
Branch c8.1 update bulletin.
Package kernel-image-std-4.9 updated to version 4.9.186-alt0.M80C.1 for branch c8.1 in task 234980.
Closed vulnerabilities
BDU:2019-02927
Уязвимость функции mwifiex_update_bss_desc_with_ie ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии, вызвать отказ в обслуживании или выполнить произвольный код
Modified: 2024-11-21
CVE-2019-3846
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
- openSUSE-SU-2019:1570
- openSUSE-SU-2019:1570
- openSUSE-SU-2019:1571
- openSUSE-SU-2019:1571
- openSUSE-SU-2019:1579
- openSUSE-SU-2019:1579
- http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- RHSA-2019:2703
- RHSA-2019:2703
- RHSA-2019:2741
- RHSA-2019:2741
- RHSA-2019:3055
- RHSA-2019:3055
- RHSA-2019:3076
- RHSA-2019:3076
- RHSA-2019:3089
- RHSA-2019:3089
- RHSA-2020:0174
- RHSA-2020:0174
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3846
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3846
- [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
- [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
- [debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update
- [debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update
- FEDORA-2019-f40bd7826f
- FEDORA-2019-f40bd7826f
- FEDORA-2019-7ec378191e
- FEDORA-2019-7ec378191e
- 20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
- 20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
- 20190618 [SECURITY] [DSA 4465-1] linux security update
- 20190618 [SECURITY] [DSA 4465-1] linux security update
- https://seclists.org/oss-sec/2019/q2/133
- https://seclists.org/oss-sec/2019/q2/133
- https://security.netapp.com/advisory/ntap-20190710-0002/
- https://security.netapp.com/advisory/ntap-20190710-0002/
- USN-4093-1
- USN-4093-1
- USN-4094-1
- USN-4094-1
- USN-4095-1
- USN-4095-1
- USN-4095-2
- USN-4095-2
- USN-4117-1
- USN-4117-1
- USN-4118-1
- USN-4118-1
- DSA-4465
- DSA-4465
Closed vulnerabilities
BDU:2020-04792
Уязвимость универсальной системы мониторинга Zabbix, связанная с ошибками управления генерацией кода, позволяющая нарушителю выполнить произвольный код
BDU:2023-01711
Уязвимость универсальной системы мониторинга Zabbix, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2023-02341
Уязвимость реализации сценариев api_jsonrpc.php и index.php универсальной системы мониторинга Zabbix, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-11-21
CVE-2016-10742
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.
- [debian-lts-announce] 20190311 [SECURITY] [DLA 1708-1] zabbix security update
- [debian-lts-announce] 20190311 [SECURITY] [DLA 1708-1] zabbix security update
- [debian-lts-announce] 20201121 [SECURITY] [DLA 2461-1] zabbix security update
- [debian-lts-announce] 20201121 [SECURITY] [DLA 2461-1] zabbix security update
- https://support.zabbix.com/browse/ZBX-10272
- https://support.zabbix.com/browse/ZBX-10272
- https://support.zabbix.com/browse/ZBX-13133
- https://support.zabbix.com/browse/ZBX-13133
Modified: 2024-11-21
CVE-2019-15132
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.
- [debian-lts-announce] 20210421 [SECURITY] [DLA 2631-1] zabbix security update
- [debian-lts-announce] 20210421 [SECURITY] [DLA 2631-1] zabbix security update
- [debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update
- [debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update
- https://support.zabbix.com/browse/ZBX-16532
- https://support.zabbix.com/browse/ZBX-16532
Modified: 2024-11-21
CVE-2020-11800
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html
- [debian-lts-announce] 20201121 [SECURITY] [DLA 2461-1] zabbix security update
- https://support.zabbix.com/browse/DEV-1538
- https://support.zabbix.com/browse/ZBX-17600
- https://support.zabbix.com/browse/ZBXSEC-30
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html
- https://support.zabbix.com/browse/ZBXSEC-30
- https://support.zabbix.com/browse/ZBX-17600
- https://support.zabbix.com/browse/DEV-1538
- [debian-lts-announce] 20201121 [SECURITY] [DLA 2461-1] zabbix security update
Modified: 2024-11-21
CVE-2020-15803
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
- openSUSE-SU-2020:1604
- openSUSE-SU-2020:1604
- [debian-lts-announce] 20200803 [SECURITY] [DLA 2311-1] zabbix security update
- [debian-lts-announce] 20200803 [SECURITY] [DLA 2311-1] zabbix security update
- [debian-lts-announce] 20210421 [SECURITY] [DLA 2631-1] zabbix security update
- [debian-lts-announce] 20210421 [SECURITY] [DLA 2631-1] zabbix security update
- [debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update
- [debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update
- FEDORA-2020-02cf7850ca
- FEDORA-2020-02cf7850ca
- FEDORA-2020-519516feec
- FEDORA-2020-519516feec
- https://support.zabbix.com/browse/ZBX-18057
- https://support.zabbix.com/browse/ZBX-18057
Modified: 2024-11-21
CVE-2022-35229
An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.
- [debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update
- [debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update
- [debian-lts-announce] 20230822 [SECURITY] [DLA 3538-1] zabbix security update
- [debian-lts-announce] 20230822 [SECURITY] [DLA 3538-1] zabbix security update
- https://support.zabbix.com/browse/ZBX-21306
- https://support.zabbix.com/browse/ZBX-21306
Closed bugs
Нестандартный пусть до загружаемых модулей
[FR] ручка для отключения java
Некорректный путь к traceroute а БД
Package alterator-datetime updated to version 4.0-alt0.M80C.1 for branch c8.1 in task 235158.
Closed bugs
Неверный формат времени при установке
Не дает указать IP-адрес в NTP-сервере