ALT-BU-2019-3868-2

Branch p9 update bulletin.

Package qemu updated to version 4.0.0-alt4 for branch p9 in task 235892.

Неверные имена эмуляторов в конфигурационных файлах

Package branding-xalt-kworkstation updated to version 9.0.0-alt0.3 for branch p9 in task 235921.

Внешний монитор и монитор ноутбука показывают некорректный фон

Package clamav updated to version 0.101.3-alt1 for branch p9 in task 235913.

Уязвимость пакета антивирусных программ ClamAV, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.3)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

CVE-2019-12625

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package yarn updated to version 1.17.3-alt1 for branch p9 in task 235947.

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Branch p9 update on 2019-08-13

ALT-BU-2019-3868-2

ALT-PU-2019-2438-1

Closed bugs

Bug #37083

ALT-PU-2019-2443-1

Closed bugs

Bug #37097

ALT-PU-2019-2444-1

Closed vulnerabilities

BDU:2020-01710

CVE-2019-12625

ALT-PU-2019-2452-1

Closed vulnerabilities

CVE-2019-5448