ALT Linux Team

Branch sisyphus update on 2021-01-20

2021-01-20

ALT-BU-2021-3695-1

Branch sisyphus update bulletin.

ALT-PU-2021-1062-1

Package libguestfs updated to version 1.42.0-alt4 for branch sisyphus in task 263114.

Closed bugs

Bug #39365

Не хватает зависимости на db4.8-utils

ALT-PU-2021-1063-1

Package rpm-build-guestfs updated to version 0.7-alt1 for branch sisyphus in task 263114.

Closed bugs

Bug #39367

Inspection field ‘i_arch’ was ‘unknown’

ALT-PU-2021-1064-1

Package virt-v2v updated to version 1.43.1-alt3 for branch sisyphus in task 263114.

Closed bugs

Bug #39366

Не отрабатывает команда при LANG=ru_RU.UTF-8

ALT-PU-2021-1065-1

Package guacamole updated to version 1.3.0-alt1 for branch sisyphus in task 264852.

Closed vulnerabilities

Published: 2021-01-20
Modified: 2024-11-21

CVE-2020-11997

Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References:

ALT-PU-2021-1066-1

Package haproxy updated to version 2.2.8-alt1 for branch sisyphus in task 264883.

Closed vulnerabilities

Published: 2020-04-02

BDU:2020-02035

Уязвимость функции hpack_dht_insert (hpack-tbl.c) библиотеки сетевого программного обеспечения HAProxy, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании или оказать воздействие на целостность данных

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-04-02
Modified: 2024-11-21

CVE-2020-11100

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2021-1069-1

Package libproxy updated to version 0.4.17-alt1 for branch sisyphus in task 264902.

Closed vulnerabilities

Published: 2020-07-16

BDU:2022-00328

Уязвимость компонента url.cpp библиотеки для управления конфигурацией прокси Libproxy, связанная с недостатком механизма проверки размера копируемых данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-09-07

BDU:2022-00336

Уязвимость функции url::recvline компонента url.cpp библиотеки для управления конфигурацией прокси Libproxy, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-09-10
Modified: 2024-11-21

CVE-2020-25219

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-09-30
Modified: 2024-11-21

CVE-2020-26154

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top