ALT-BU-2020-3912-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-09-13
BDU:2020-04091
Уязвимость компонентов auths/spa.c и auths/auth-spa.c почтового сервера Exim, позволяющая нарушителю получить доступ к конфиденциальным данным
Modified: 2024-11-21
CVE-2020-12783
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
- http://www.openwall.com/lists/oss-security/2021/05/04/7
- https://bugs.exim.org/show_bug.cgi?id=2571
- https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86
- https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
- https://lists.debian.org/debian-lts-announce/2020/05/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6IQQ2SERFUD4WMRSX6XYDNK7Q4GPT7Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7Z5UG6ZIG32V7M4PP3BCC65C27EWK7G/
- https://usn.ubuntu.com/4366-1/
- https://www.debian.org/security/2020/dsa-4687
- http://www.openwall.com/lists/oss-security/2021/05/04/7
- https://bugs.exim.org/show_bug.cgi?id=2571
- https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86
- https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
- https://lists.debian.org/debian-lts-announce/2020/05/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6IQQ2SERFUD4WMRSX6XYDNK7Q4GPT7Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7Z5UG6ZIG32V7M4PP3BCC65C27EWK7G/
- https://usn.ubuntu.com/4366-1/
- https://www.debian.org/security/2020/dsa-4687
Closed vulnerabilities
BDU:2020-03977
Уязвимость веб-почты для IMAP-серверов на основе AJAX Roundcube, связанная с недостатками используемых мер по защите структур веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных
Modified: 2024-11-21
CVE-2020-15562
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
- https://github.com/roundcube/roundcubemail/commit/3e8832d029b035e3fcfb4c75839567a9580b4f82
- https://github.com/roundcube/roundcubemail/releases/tag/1.2.11
- https://github.com/roundcube/roundcubemail/releases/tag/1.3.14
- https://github.com/roundcube/roundcubemail/releases/tag/1.4.7
- https://www.debian.org/security/2020/dsa-4720
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
- https://github.com/roundcube/roundcubemail/commit/3e8832d029b035e3fcfb4c75839567a9580b4f82
- https://github.com/roundcube/roundcubemail/releases/tag/1.2.11
- https://github.com/roundcube/roundcubemail/releases/tag/1.3.14
- https://github.com/roundcube/roundcubemail/releases/tag/1.4.7
- https://www.debian.org/security/2020/dsa-4720
Package make-initrd updated to version 2.8.1-alt2 for branch sisyphus in task 254632.
Closed bugs
не собирается initrd, если не установлен make-initrd-ucode
Closed vulnerabilities
Modified: 2025-07-01
BDU:2021-01345
Уязвимость компонентов из mem_cache_store.rb и redis_cache_store.rb программной платформы Ruby on Rails, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2025-07-01
BDU:2021-01346
Уязвимость функции each_pair из strong_parameters.rb программной платформы Ruby on Rails, позволяющая нарушителю получить доступ к конфиденциальным данным
BDU:2022-06175
Уязвимость программной платформы Ruby on Rails, связанная с реализацией функций безопасности на стороне клиента, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2020-8162
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
Modified: 2024-11-21
CVE-2020-8164
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html
- https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY
- https://hackerone.com/reports/292797
- https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
- https://www.debian.org/security/2020/dsa-4766
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html
- https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY
- https://hackerone.com/reports/292797
- https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
- https://www.debian.org/security/2020/dsa-4766
Modified: 2025-05-09
CVE-2020-8165
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html
- https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c
- https://hackerone.com/reports/413388
- https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
- https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/
- https://www.debian.org/security/2020/dsa-4766
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html
- https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c
- https://hackerone.com/reports/413388
- https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
- https://security.netapp.com/advisory/ntap-20250509-0002/
- https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/
- https://www.debian.org/security/2020/dsa-4766
Modified: 2024-11-21
CVE-2020-8166
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
Modified: 2024-11-21
CVE-2020-8167
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.