ALT Linux Team

Branch sisyphus update on 2021-08-10

2021-08-10

ALT-BU-2021-4107-1

Branch sisyphus update bulletin.

ALT-PU-2021-2468-1

Package golang updated to version 1.16.7-alt1 for branch sisyphus in task 282287.

Closed vulnerabilities

Published: 2021-08-08
Modified: 2024-11-21

CVE-2021-36221

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2021-2469-1

Package tigervnc updated to version 1.11.0-alt1 for branch sisyphus in task 282309.

Closed vulnerabilities

Published: 2021-10-29
Modified: 2023-11-13

BDU:2021-05229

Уязвимость программного обеспечения для реализации VNC TigerVNC, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
References:
Published: 2020-09-27
Modified: 2024-11-21

CVE-2020-26117

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top