ALT Linux Team

Branch sisyphus update on 2021-07-18

2021-07-18

ALT-BU-2021-4047-1

Branch sisyphus update bulletin.

ALT-PU-2021-2262-1

Package icecast updated to version 2.4.4-alt2 for branch sisyphus in task 279409.

Closed bugs

Bug #35807

Обновить конфигурационный файл

ALT-PU-2021-2263-1

Package cryptsetup updated to version 2.3.5-alt2 for branch sisyphus in task 279413.

Closed bugs

Bug #31052

Неверное сообщение в /etc/rc.d/init.d/cryptdisks.functions

ALT-PU-2021-2264-1

Package cacti updated to version 1.2.18-alt1 for branch sisyphus in task 279428.

Closed vulnerabilities

Published: 2021-11-14
Modified: 2024-11-21

CVE-2020-14424

Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Published: 2021-01-11
Modified: 2024-11-21

CVE-2020-35701

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2021-2265-1

Package chromium updated to version 91.0.4472.164-alt1 for branch sisyphus in task 279422.

Closed vulnerabilities

Published: 2021-07-15

BDU:2021-03940

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-06-12

BDU:2021-03941

Уязвимость реализации технологии XSLT (eXtensible Stylesheet Language Transformations) модуля отображения Blink браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-07-15

BDU:2021-03971

Уязвимость компонента WebXR браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-07-15

BDU:2021-03980

Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-07-15

BDU:2021-04019

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-07-15

BDU:2021-04040

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-07-15

BDU:2021-04062

Уязвимость интерфейса Web Serial API браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-08-03
Modified: 2024-11-21

CVE-2021-30541

Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-08-03
Modified: 2024-11-21

CVE-2021-30559

Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-08-03
Modified: 2024-11-21

CVE-2021-30560

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-08-03
Modified: 2024-11-21

CVE-2021-30561

Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-08-03
Modified: 2024-11-21

CVE-2021-30562

Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-08-03
Modified: 2025-02-19

CVE-2021-30563

Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-08-03
Modified: 2024-11-21

CVE-2021-30564

Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top