ALT-BU-2019-3975-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2019-04780
A vulnerability in the file_copy_fallback() function of the GLib library that allows an attacker to gain unauthorized access to protected information
Modified: 2024-11-21
CVE-2019-12450
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
- openSUSE-SU-2019:1650
- RHSA-2019:3530
- https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
- [debian-lts-announce] 20190618 [SECURITY] [DLA 1826-1] glib2.0 security update
- FEDORA-2019-c18d2bd1bd
- https://security.netapp.com/advisory/ntap-20190606-0003/
- USN-4014-1
- USN-4014-2
Closed vulnerabilities
BDU:2021-00123
A vulnerability in multiple functions of xml.rs in the librsvg vector graphics rendering library, related to a flaw in the resource consumption control mechanism, that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2019-20446
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.
- openSUSE-SU-2020:0343
- https://gitlab.gnome.org/GNOME/librsvg/issues/515
- [debian-lts-announce] 20200722 [SECURITY] [DLA 2285-1] librsvg security update
- FEDORA-2020-39e0b8bd14
- FEDORA-2020-f6271d7afa
- https://security.netapp.com/advisory/ntap-20221111-0004/
- USN-4436-1
Package libwebkitgtk4 updated to version 2.26.0-alt1 for branch sisyphus in task 237956.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-8720
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
Closed vulnerabilities
BDU:2019-02514
A vulnerability in the daemon/gvfsbackendadmin.c component of the GVFS subsystem of the GNOME desktop environment on Linux operating systems that allows an attacker to affect the integrity, confidentiality, and availability of protected information
BDU:2019-02515
A vulnerability in the daemon/gvfsbackendadmin.c component of the GVFS subsystem of the GNOME desktop environment on Linux operating systems that allows an attacker to affect the integrity, confidentiality, and availability of protected information
BDU:2019-02516
A vulnerability in the daemon/gvfsbackendadmin.c component of the GVFS subsystem of the GNOME desktop environment on Linux operating systems that allows an attacker to affect the integrity, confidentiality, and availability of protected information
Modified: 2024-11-21
CVE-2019-12447
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
- openSUSE-SU-2019:1699
- openSUSE-SU-2019:1697
- [oss-security] 20190709 Privileged File Access from Desktop Applications
- https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80
- FEDORA-2019-e6b02af8b8
- FEDORA-2019-6ed5523cc0
- USN-4053-1
Modified: 2024-11-21
CVE-2019-12448
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.
- openSUSE-SU-2019:1699
- openSUSE-SU-2019:1697
- [oss-security] 20190709 Privileged File Access from Desktop Applications
- https://gitlab.gnome.org/GNOME/gvfs/commit/764e9af7522e3096c0f44613c330377d31c9bbb5
- FEDORA-2019-e6b02af8b8
- FEDORA-2019-6ed5523cc0
- USN-4053-1
Modified: 2024-11-21
CVE-2019-12449
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.
- openSUSE-SU-2019:1699
- openSUSE-SU-2019:1697
- [oss-security] 20190709 Privileged File Access from Desktop Applications
- https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8
- FEDORA-2019-e6b02af8b8
- FEDORA-2019-6ed5523cc0
- USN-4053-1
Closed bugs
tzdata: update to 2019c
Package clementine updated to version 1.3.1-alt8.git88131ec5 for branch sisyphus in task 238174.
Closed bugs
Build with Qt5