ALT-BU-2020-3790-1
Branch sisyphus update bulletin.
Package kf5-kirigami updated to version 5.69.0-alt2 for branch sisyphus in task 250859.
Closed bugs
systemsettings5 cегфолтится при выборе пункта Локализация
Package udev-rule-generator updated to version 1.4-alt1 for branch sisyphus in task 250656.
Closed bugs
Не создаёт persistent-net.rules
Не использует свежесгенерированные имена интерфейсов.
Package kernel-image-std-def updated to version 5.4.36-alt1 for branch sisyphus in task 250879.
Closed vulnerabilities
BDU:2020-03819
Уязвимость функции enable_sacf_uaccess ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-11884
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f
- FEDORA-2020-b453269c4e
- FEDORA-2020-16f9239805
- FEDORA-2020-64d46a6e29
- https://security.netapp.com/advisory/ntap-20200608-0001/
- USN-4342-1
- USN-4343-1
- USN-4345-1
- DSA-4667
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000
- DSA-4667
- USN-4345-1
- USN-4343-1
- USN-4342-1
- https://security.netapp.com/advisory/ntap-20200608-0001/
- FEDORA-2020-64d46a6e29
- FEDORA-2020-16f9239805
- FEDORA-2020-b453269c4e
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f
Package telegram-desktop updated to version 2.1.0-alt1 for branch sisyphus in task 250896.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-12474
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL.
Closed vulnerabilities
BDU:2020-03991
Уязвимость решения для IMAP-серверов на основе AJAX Roundcube, связанная с недостатками механизмов противодействия межсайтовой фальсификации, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-03992
Уязвимость решения для IMAP-серверов на основе AJAX Roundcube, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных
Modified: 2024-11-21
CVE-2020-12625
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
- openSUSE-SU-2020:1516
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12625-Cross%20Site-Scripting%20via%20Malicious%20HTML%20Attachment-Roundcube
- https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0
- https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
- https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
- GLSA-202007-41
- DSA-4674
- openSUSE-SU-2020:1516
- DSA-4674
- GLSA-202007-41
- https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
- https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
- https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12625-Cross%20Site-Scripting%20via%20Malicious%20HTML%20Attachment-Roundcube
Modified: 2024-11-21
CVE-2020-12626
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.
- https://github.com/roundcube/roundcubemail/commit/9bbda422ff0b782b81de59c86994f1a5fd93f8e6
- https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
- https://github.com/roundcube/roundcubemail/pull/7302
- https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
- GLSA-202007-41
- DSA-4674
- https://github.com/roundcube/roundcubemail/commit/9bbda422ff0b782b81de59c86994f1a5fd93f8e6
- DSA-4674
- GLSA-202007-41
- https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
- https://github.com/roundcube/roundcubemail/pull/7302
- https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
Modified: 2024-11-21
CVE-2020-12640
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
- openSUSE-SU-2020:1516
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12640-PHP%20Local%20File%20Inclusion-Roundcube
- https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794
- https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
- https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
- https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
- GLSA-202007-41
- openSUSE-SU-2020:1516
- GLSA-202007-41
- https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
- https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
- https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
- https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12640-PHP%20Local%20File%20Inclusion-Roundcube
Modified: 2025-03-14
CVE-2020-12641
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
- openSUSE-SU-2020:1516
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube
- https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3
- https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
- https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
- https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
- GLSA-202007-41
- GLSA-202007-41
- https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
- https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
- https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
- https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube
- openSUSE-SU-2020:1516
Package php7-opcache updated to version 7.3.17-alt1.3 for branch sisyphus in task 250903.
Closed bugs
После обновления с 7.2 до 7.3 перестал работать opcache