Branch c8.1 update bulletin.

Package kernel-image-std-4.9 updated to version 4.9.186-alt0.M80C.1 for branch c8.1 in task 234980.

Published: 2019-08-20
Modified: 2025-02-11

BDU:2019-02927

Уязвимость функции mwifiex_update_bss_desc_with_ie ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии, вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: HIGH (8.3) Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2019-3846

Published: 2019-06-03
Modified: 2024-11-21

CVE-2019-3846

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.

Severity: HIGH (8.3) Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package zabbix updated to version 4.2.4-alt1 for branch c8.1 in task 235073.

Published: 2020-10-22
Modified: 2023-11-21

BDU:2020-04792

Уязвимость универсальной системы мониторинга Zabbix, связанная с ошибками управления генерацией кода, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2020-11800

Published: 2023-03-28
Modified: 2025-03-05

BDU:2023-01711

Уязвимость универсальной системы мониторинга Zabbix, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных

Severity: MEDIUM (5.4) Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: MEDIUM (4.9) Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

References:

CVE-2022-35229

Published: 2023-05-04
Modified: 2025-01-29

BDU:2023-02341

Уязвимость реализации сценариев api_jsonrpc.php и index.php универсальной системы мониторинга Zabbix, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

CVE-2019-15132

Published: 2019-02-17
Modified: 2024-11-21

CVE-2016-10742

Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2019-08-17
Modified: 2024-11-21

CVE-2019-15132

Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2020-10-07
Modified: 2024-11-21

CVE-2020-11800

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2020-07-17
Modified: 2024-11-21

CVE-2020-15803

Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2022-07-06
Modified: 2025-11-03

CVE-2022-35229

An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.

Severity: LOW (3.5) Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References:

Нестандартный пусть до загружаемых модулей

[FR] ручка для отключения java

Некорректный путь к traceroute а БД

Package alterator-datetime updated to version 4.0-alt0.M80C.1 for branch c8.1 in task 235158.

Неверный формат времени при установке

Не дает указать IP-адрес в NTP-сервере

Version: 2.1.2

Branch c8.1 update on 2019-08-01

ALT-BU-2019-3837-1

ALT-PU-2019-2350-1

Closed vulnerabilities

BDU:2019-02927

CVE-2019-3846

ALT-PU-2019-2351-1

Closed vulnerabilities

BDU:2020-04792

BDU:2023-01711

BDU:2023-02341

CVE-2016-10742

CVE-2019-15132

CVE-2020-11800

CVE-2020-15803

CVE-2022-35229

Closed bugs

Bug #33418

Bug #34122

Bug #36439

ALT-PU-2019-2352-1

Closed bugs

Bug #35985

Bug #37012