ALT Linux Team

Branch sisyphus update on 2020-03-14

2020-03-14

ALT-BU-2020-3697-1

Branch sisyphus update bulletin.

ALT-PU-2020-1466-1

Package kde5-kmail updated to version 19.12.3-alt1 for branch sisyphus in task 247725.

Closed vulnerabilities

Published: 2020-04-17
Modified: 2024-11-21

CVE-2020-11880

An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value.

Severity: MEDIUM (6.4) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
References:

ALT-PU-2020-1467-1

Package cert-sh-functions updated to version 1.0.6-alt1 for branch sisyphus in task 247768.

Closed bugs

Bug #38213

Используется устаревший алгоритм md5

ALT-PU-2020-1471-1

Package hplip updated to version 3.20.3-alt1 for branch sisyphus in task 247679.

Closed bugs

Bug #38043

Починить сборку пакета

Bug #38147

В hplip-gui при нажатии правой кнопкой мыши на значке в трее открывается пустое контекстное меню

ALT-PU-2020-1476-1

Package kernel-image-std-def updated to version 5.4.25-alt1 for branch sisyphus in task 247790.

Closed vulnerabilities

Published: 2020-02-04

BDU:2020-00785

Уязвимость функции vc_do_resize ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании

Severity: HIGH (7.1) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Severity: MEDIUM (6.2) Vector: AV:L/AC:L/Au:S/C:C/I:N/A:C
References:
Published: 2020-02-04

BDU:2020-00786

Уязвимость функции vgacon_invert_region ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании

Severity: HIGH (7.1) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Severity: MEDIUM (6.2) Vector: AV:L/AC:L/Au:S/C:C/I:N/A:C
References:
Published: 2020-02-04

BDU:2020-00787

Уязвимость функции n_tty_receive_buf_common ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании

Severity: HIGH (7.1) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Severity: MEDIUM (6.2) Vector: AV:L/AC:L/Au:S/C:C/I:N/A:C
References:
Published: 2020-02-06
Modified: 2024-11-21

CVE-2020-8647

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.

Severity: LOW (3.6) Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
References:
Published: 2020-02-06
Modified: 2024-11-21

CVE-2020-8648

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.

Severity: LOW (3.6) Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Severity: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
References:
Published: 2020-02-06
Modified: 2024-11-21

CVE-2020-8649

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

Severity: LOW (3.6) Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
References:

ALT-PU-2020-1477-1

Package virtualbox updated to version 6.1.4-alt3 for branch sisyphus in task 247783.

Closed bugs

Bug #38157

Пропал vboxpci.ko

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top