ALT-BU-2021-3952-1
Branch sisyphus update bulletin.
Package installer-scripts-remount-stage2 updated to version 0.5.21-alt1 for branch sisyphus in task 273561.
Closed bugs
Installation via livecd-install is broken after updating udev to version 248.3-alt1
Package thunderbird updated to version 78.11.0-alt1 for branch sisyphus in task 273507.
Closed vulnerabilities
BDU:2021-02858
A vulnerability in the Mozilla Firefox browser related to an operation exceeding the bounds of a memory buffer, allowing an attacker to execute arbitrary code
BDU:2021-02898
A vulnerability in the Mozilla Thunderbird mail client related to reading outside the bounds of a memory buffer, allowing an attacker to gain access to confidential information
Modified: 2024-11-21
CVE-2021-29964
A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1706501
- https://www.mozilla.org/security/advisories/mfsa2021-23/
- https://www.mozilla.org/security/advisories/mfsa2021-24/
- https://www.mozilla.org/security/advisories/mfsa2021-26/
Modified: 2024-11-21
CVE-2021-29967
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1602862%2C1703191%2C1703760%2C1704722%2C1706041
- GLSA-202208-14
- https://www.mozilla.org/security/advisories/mfsa2021-23/
- https://www.mozilla.org/security/advisories/mfsa2021-24/
- https://www.mozilla.org/security/advisories/mfsa2021-26/
Closed vulnerabilities
BDU:2021-03207
A vulnerability in the polkit_system_bus_name_get_creds_sync() function of the dbus-daemon daemon of the Polkit library, allowing an attacker to escalate their privileges
Modified: 2025-04-03
CVE-2021-3560
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
- http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html
- http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1961710
- https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
Closed bugs
missing deps on perl-Net-DBus and perl-X11-Protocol