Branch sisyphus update bulletin.

Package nagios-nrpe updated to version 3.2.1-alt3 for branch sisyphus in task 244732.

Published: 2018-08-01

BDU:2019-01845

Уязвимость утилиты удалённого выполнения плагинов Nagios Remote Plugin Executor, связанная с недостаточной проверкой входных данных, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

CVE-2014-2913

Published: 2018-08-01

BDU:2019-01845

Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

CVE-2014-2913

Published: 2014-05-07
Modified: 2024-11-21

CVE-2014-2913

Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments

Severity: HIGH (7.5)

References:

Package inkscape updated to version 1.0-alt0.beta2 for branch sisyphus in task 244731.

inkscape собран с python2

Package alterator-luks updated to version 0.3.1-alt2 for branch sisyphus in task 244395.

fails to setup a password for the LUKS partition properly

Package grub updated to version 2.02-alt21 for branch sisyphus in task 244525.

grubx64.efi does not contain a few modules required to boot from a LUKS partition

Version: 2.1.0

Branch sisyphus update on 2020-01-23

ALT-BU-2020-3611-1

ALT-PU-2020-1079-1

Closed vulnerabilities

BDU:2019-01845

BDU:2019-01845

CVE-2014-2913

ALT-PU-2020-1080-1

Closed bugs

Bug #37290

ALT-PU-2020-1081-1

Closed bugs

Bug #37662

ALT-PU-2020-1082-1

Closed bugs

Bug #37663