ALT Linux Team

Branch p9 update on 2020-11-24

2020-11-24

ALT-BU-2020-4159-1

Branch p9 update bulletin.

ALT-PU-2020-3397-1

Package python-module-logilab-devtools updated to version 0.23.0-alt3 for branch p9 in task 261539.

Closed bugs

Bug #39250

Не правильный путь импорта.

ALT-PU-2020-3398-1

Package zabbix updated to version 5.0.5-alt2.1.p9 for branch p9 in task 259248.

Closed vulnerabilities

Published: 2020-07-17
Modified: 2024-11-21

CVE-2020-15803

Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:

Closed bugs

Bug #39282

Права доступа к каталогу и миграция параметров с zabbix4

Bug #39311

Нет double.sql необходимого для обновления баз с 4-й версии до 5-й

ALT-PU-2020-3399-1

Package libXtst updated to version 1.2.3-alt1 for branch p9 in task 261891.

Closed vulnerabilities

Published: 2016-12-13
Modified: 2025-04-12

CVE-2016-7951

Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2016-12-13
Modified: 2025-04-12

CVE-2016-7952

X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2020-3400-1

Package libXrender updated to version 0.9.10-alt1 for branch p9 in task 261891.

Closed vulnerabilities

Published: 2016-12-13
Modified: 2025-04-12

CVE-2016-7949

Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2016-12-13
Modified: 2025-04-12

CVE-2016-7950

The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top