ALT-BU-2020-4154-1
Branch sisyphus update bulletin.
Closed bugs
double.sql, which is needed to upgrade databases from version 4 to version 5, is missing
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-25660
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1890354
- https://ceph.io/community/v15-2-6-octopus-released/
- https://ceph.io/releases/v14-2-14-nautilus-released/
- FEDORA-2020-a8f1120195
- GLSA-202105-39
Closed bugs
KIO client errors when navigating to some entry points
Closed vulnerabilities
BDU:2021-01472
Vulnerability in the WEBrick library of the Ruby programming language, related to incorrect validation of a header value, allowing an attacker to affect data integrity
Modified: 2024-11-21
CVE-2020-25613
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
- https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7
- https://hackerone.com/reports/965267
- [debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update
- FEDORA-2020-02ca18c2a0
- FEDORA-2020-fe2a7d7390
- GLSA-202401-27
- https://security.netapp.com/advisory/ntap-20210115-0008/
- https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/
Closed vulnerabilities
BDU:2023-03437
Vulnerability in the implementation of the Kerberos network protocol in the Debian GNU/Linux, Red Hat Enterprise Linux, Ubuntu, Fedora and Альт 8 СП operating systems, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2020-28196
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
- https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [debian-lts-announce] 20201107 [SECURITY] [DLA 2437-1] krb5 security update
- FEDORA-2020-0df38b2843
- FEDORA-2020-32193cbbe6
- FEDORA-2020-27b577ab23
- GLSA-202011-17
- https://security.netapp.com/advisory/ntap-20201202-0001/
- https://security.netapp.com/advisory/ntap-20210513-0002/
- DSA-4795
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Closed bugs
File conflicts with the gnustep-gworkspace package
Package cifs-utils updated to version 6.11-alt1 for branch sisyphus in task 262137.
Closed vulnerabilities
BDU:2023-00213
Vulnerability in the CIFS-utils CIFS file system utilities (arbitrary command), related to missing input sanitization, allowing an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
Modified: 2024-11-21
CVE-2020-14342
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.
- openSUSE-SU-2020:1579
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14342
- FEDORA-2020-ea0b9caac3
- FEDORA-2020-cfdd73f1b4
- https://lists.samba.org/archive/samba-technical/2020-September/135747.html
- GLSA-202009-16
Closed vulnerabilities
BDU:2019-03222
Vulnerability in the gdb module of the GDB debugger, allowing an attacker to execute arbitrary code or cause a denial of service
Modified: 2024-11-21
CVE-2019-1010180
GNU gdb, all versions, is affected by: Buffer Overflow - Out of bound memory access. The impact is: Denial of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.
- openSUSE-SU-2019:2415
- openSUSE-SU-2019:2432
- openSUSE-SU-2019:2494
- openSUSE-SU-2019:2493
- 109367
- GLSA-202003-31
- https://sourceware.org/bugzilla/show_bug.cgi?id=23657
Package postgresql13 updated to version 13.1-alt2 for branch sisyphus in task 262093.
Closed bugs
File conflicts with the postgresql12 package
Package postgresql9.5 updated to version 9.5.24-alt2 for branch sisyphus in task 262093.
Closed bugs
File conflicts with the postgresql12 package
Package postgresql9.6 updated to version 9.6.20-alt2 for branch sisyphus in task 262093.
Closed bugs
File conflicts with the postgresql12 package
Package postgresql10 updated to version 10.15-alt2 for branch sisyphus in task 262093.
Closed bugs
File conflicts with the postgresql12 package
Package postgresql11 updated to version 11.10-alt2 for branch sisyphus in task 262093.
Closed bugs
File conflicts with the postgresql12 package
Package postgresql12 updated to version 12.5-alt2 for branch sisyphus in task 262093.
Closed bugs
File conflicts with the postgresql12 package