ALT Linux Team

Branch p9 update on 2021-01-26

2021-01-26

ALT-BU-2021-3705-1

Branch p9 update bulletin.

ALT-PU-2021-1140-1

Package alterator-secsetup updated to version 2.0-alt3 for branch p9 in task 264862.

Closed bugs

Bug #37893

Падение LibreOffice при блокировке макросов в приложениях

ALT-PU-2021-1142-1

Package x11vnc updated to version 0.9.16-alt2 for branch p9 in task 264974.

Closed vulnerabilities

Published: 2020-10-18

BDU:2021-01776

Уязвимость компонента scan.c VNC-сервера X11vnc, связанная с отсутствием механизма авторизации, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-11-26
Modified: 2024-11-21

CVE-2020-29074

scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2021-1143-1

Package shellinabox updated to version 2.20-alt2 for branch p9 in task 265095.

Closed vulnerabilities

Published: 2019-03-21
Modified: 2024-11-21

CVE-2018-16789

libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top