Branch p9 update bulletin.

Package alterator-secsetup updated to version 2.0-alt3 for branch p9 in task 264862.

Падение LibreOffice при блокировке макросов в приложениях

Package x11vnc updated to version 0.9.16-alt2 for branch p9 in task 264974.

Published: 2021-03-30
Modified: 2025-11-26

BDU:2021-01776

Уязвимость компонента scan.c VNC-сервера X11vnc, связанная с отсутствием механизма авторизации, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

CVE-2020-29074

Published: 2020-11-25
Modified: 2024-11-21

CVE-2020-29074

scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Package shellinabox updated to version 2.20-alt2 for branch p9 in task 265095.

Published: 2019-03-21
Modified: 2024-11-21

CVE-2018-16789

libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down.

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.2

Branch p9 update on 2021-01-26

ALT-BU-2021-3705-1

ALT-PU-2021-1140-1

Closed bugs

Bug #37893

ALT-PU-2021-1142-1

Closed vulnerabilities

BDU:2021-01776

CVE-2020-29074

ALT-PU-2021-1143-1

Closed vulnerabilities

CVE-2018-16789