ALT-BU-2021-3833-1
Branch sisyphus update bulletin.
Package xscreensaver updated to version 5.45-alt2 for branch sisyphus in task 268795.
Closed bugs
xscreensaver does not find /usr/share/license/GPL
Closed vulnerabilities
BDU:2023-01681
Vulnerability in the init() method of the Zabbix universal monitoring system that allows an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
Modified: 2024-11-21
CVE-2021-27927
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls disableSIDValidation inside the init() method. An attacker doesn't have to know Zabbix user login credentials, but has to know the correct Zabbix URL and contact information of an existing user with sufficient privileges.
Package plasma5-discover updated to version 5.21.3-alt1 for branch sisyphus in task 268660.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-28117
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.)
- https://github.com/KDE/discover/commit/fcd3b30552bf03a384b1a16f9bb8db029c111356
- https://github.com/KDE/discover/releases
- https://invent.kde.org/plasma/discover/commit/94478827aab63d2e2321f0ca9ec5553718798e60
- https://kde.org/info/security/advisory-20210310-1.txt
- https://userbase.kde.org/Discover