Branch sisyphus update bulletin.

Package grafana updated to version 7.1.3-alt1 for branch sisyphus in task 256438.

Published: 2020-10-28
Modified: 2024-11-21

CVE-2020-24303

Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Package fossil updated to version 2.12-alt1 for branch sisyphus in task 256441.

Published: 2020-08-25
Modified: 2024-11-21

CVE-2020-24614

Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Package wine updated to version 5.12.1-alt2 for branch sisyphus in task 256359.

Добавить поддержку vulkan

Package wine-vanilla updated to version 5.13-alt2 for branch sisyphus in task 256359.

Добавить поддержку vulkan

Package kernel-image-mp updated to version 5.7.16-alt1 for branch sisyphus in task 256455.

Published: 2021-06-07
Modified: 2024-11-21

CVE-2020-36387

An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Package ntp updated to version 4.2.8p15-alt1 for branch sisyphus in task 256463.

Published: 2020-06-24

BDU:2020-03219

Уязвимость демона ntpd реализации протокола синхронизации времени NTP, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2020-15025

Published: 2020-06-24
Modified: 2024-11-21

CVE-2020-15025

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.

Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Package firejail updated to version 0.9.62.4-alt1 for branch sisyphus in task 256450.

Published: 2020-08-11

BDU:2021-01718

Уязвимость функции check_output из output.c SUID изолированной программной среды Firejail, связанная с отсутствием мер по нейтрализации специальных элементов, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2020-17367

Published: 2020-08-11

BDU:2021-01721

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2020-17368

Published: 2020-08-11
Modified: 2024-11-21

CVE-2020-17367

Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2020-08-11
Modified: 2024-11-21

CVE-2020-17368

Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package curl updated to version 7.72.0-alt1 for branch sisyphus in task 252078.

Published: 2020-07-31

BDU:2021-03503

Уязвимость программного средства для взаимодействия с серверами CURL, связанная с использованием области памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

CVE-2020-8231

Published: 2020-12-14
Modified: 2024-11-21

CVE-2020-8231

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Package earlyoom updated to version 1.6.1-alt2 for branch sisyphus in task 256466.

настройки в /etc/default

Package php7 updated to version 7.4.9-alt1 for branch sisyphus in task 256260.

Published: 2020-08-03

BDU:2021-01911

Уязвимость функции phar_parse_zipfile языка программирования php, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании

Severity: LOW (3.6) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L

References:

CVE-2020-7068

Published: 2020-09-09
Modified: 2024-11-21

CVE-2020-7068

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

Severity: LOW (3.6) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L

References:

Package kde5-kio-extras updated to version 20.04.3-alt1 for branch sisyphus in task 256430.

Published: 2020-05-09
Modified: 2024-11-21

CVE-2020-12755

fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password.

Severity: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Version: 2.1.0

ALT-BU-2020-3985-12

Closed vulnerabilities

Closed vulnerabilities

Closed bugs

Closed bugs

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed bugs

Closed vulnerabilities

Closed vulnerabilities