ALT-BU-2020-3828-1
Branch sisyphus update bulletin.
Package alterator-net-iptables updated to version 4.19.8-alt1 for branch sisyphus in task 251975.
Closed bugs
Невозможно для всех интерфейсов открыть или закрыть порт
Package postgresql12 updated to version 12.3-alt1 for branch sisyphus in task 252060.
Closed vulnerabilities
BDU:2023-00612
Уязвимость установщика Windows installer системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
Modified: 2024-11-21
CVE-2020-10733
The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights.
Package postgresql11 updated to version 11.8-alt1 for branch sisyphus in task 252060.
Closed vulnerabilities
BDU:2023-00612
Уязвимость установщика Windows installer системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
Modified: 2024-11-21
CVE-2020-10733
The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights.
Package knot-resolver updated to version 5.1.1-alt1 for branch sisyphus in task 252073.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-12667
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
- http://cyber-security-group.cs.tau.ac.il/#
- [oss-security] 20200519 [CVE-2020-12667] Knot Resolver 5.1.1 NXNSAttack mitigation
- https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
- [debian-lts-announce] 20240426 [SECURITY] [DLA 3795-1] knot-resolver security update
- FEDORA-2020-bf68101ad3
- https://www.knot-resolver.cz/2020-05-19-knot-resolver-5.1.1.html
- http://cyber-security-group.cs.tau.ac.il/#
- https://www.knot-resolver.cz/2020-05-19-knot-resolver-5.1.1.html
- FEDORA-2020-bf68101ad3
- [debian-lts-announce] 20240426 [SECURITY] [DLA 3795-1] knot-resolver security update
- https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
- [oss-security] 20200519 [CVE-2020-12667] Knot Resolver 5.1.1 NXNSAttack mitigation
Closed bugs
Для манифестов отсутствуют каталоги /etc/puppet/code/environments/production/manifests/
Package xfce4-whiskermenu-plugin updated to version 2.4.4-alt2 for branch sisyphus in task 252080.
Closed bugs
Не активна кнопка Сменить пользователя в в whisker-меню рабочего стола xfce
Package puppetserver updated to version 6.5.0-alt3 for branch sisyphus in task 252083.
Closed bugs
Не достаточно выделенной оперативной памяти по умолчанию.
Package bubblewrap updated to version 0.4.1-alt2 for branch sisyphus in task 251987.
Closed bugs
bwrap игнорирует PATH при поиске запускаемых приложений
Closed bugs
Не завершается процесс pcmanfm при выходе из сессии LXDE