ALT Linux Team

Branch p9 update on 2020-04-09

2020-04-09

ALT-BU-2020-3750-1

Branch p9 update bulletin.

ALT-PU-2020-1684-1

Package seafile updated to version 7.0.6-alt1 for branch p9 in task 249087.

Closed vulnerabilities

Published: 2019-02-21
Modified: 2024-11-21

CVE-2013-7469

Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2020-1685-1

Package seafile-client updated to version 7.0.6-alt1 for branch p9 in task 249087.

Closed bugs

Bug #33772

Описание не переведено на русский язык

ALT-PU-2020-1686-1

Package apache2 updated to version 2.4.43-alt1 for branch p9 in task 249454.

Closed vulnerabilities

Published: 2020-02-24

BDU:2020-03568

Уязвимость функции mod_proxy_ftp сервера приложений Apache Tomcat, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2020-02-24

BDU:2020-03569

Уязвимость функции mod_rewrite сервера приложений Apache Tomcat, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Published: 2020-04-02
Modified: 2024-11-21

CVE-2020-1927

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Published: 2020-04-01
Modified: 2024-11-21

CVE-2020-1934

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top