ALT-BU-2021-3853-1
Branch sisyphus update bulletin.
Closed bugs
отсутствует tkFont.h
Package alt-csp-cryptopro updated to version 0.1.4-alt1 for branch sisyphus in task 269831.
Closed bugs
Дополнительное окно при запросе пароля на контейнер (при создании подписи)
Package freeswitch updated to version 1.10.6-alt1 for branch sisyphus in task 269835.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-36513
An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value.
- https://github.com/signalwire/freeswitch/issues/1245
- https://github.com/signalwire/freeswitch/issues/1245
- https://github.com/signalwire/freeswitch/releases/tag/v1.10.6
- https://github.com/signalwire/freeswitch/releases/tag/v1.10.6
- https://newreleases.io/project/github/signalwire/freeswitch/release/v1.10.6
- https://newreleases.io/project/github/signalwire/freeswitch/release/v1.10.6
Modified: 2024-11-21
CVE-2021-41157
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication.
- 20211026 [ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default
- 20211026 [ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default
- https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e
- https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e
- https://github.com/signalwire/freeswitch/releases/tag/v1.10.6
- https://github.com/signalwire/freeswitch/releases/tag/v1.10.6
- https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj
- https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj
Package alterator-multiseat updated to version 0.0.2-alt1 for branch sisyphus in task 269833.
Closed bugs
alterator-multiseat: отсутствует информация про основное рабочее место (seat0)
Не работает тестовая активация в alterator-multiseat
alterator-multiseat: не очищается поле "Устройства рабочего места" после нажатия на кнопку "Освободить все устройства"
После удаления доп. рабочего места (seat1) устройства не возвращаются основному рабочему месту (seat0)
alterator-multiseat: исправить в Справке информацию про sddm
alterator-multiseat: мультивыбор при добавлении устройств
alterator-multiseat: для применения изменений необходима перезагрузка (добавить предупреждение)
alterator-multiseat: ненужная функциональность кнопок Применить и Сброс
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-14150
GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.
Closed bugs
обновить до 3.4.2, либо новее