ALT-BU-2021-4181-1
Branch sisyphus update bulletin.
Package propagator updated to version 20210907-alt1 for branch sisyphus in task 284726.
Closed bugs
propagator: load_ramdisk_fd: sloppy error handling
Closed bugs
Unused logrotate script for MySQL router
Package livecd-install updated to version 0.9.17-alt1 for branch sisyphus in task 284742.
Closed bugs
thunar 4.17.4-alt1 не доверяет значку запуска livecd-install.desktop на рабочем столе
Closed bugs
В GRUB требуется команда blscfg
Closed vulnerabilities
BDU:2021-04558
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код
BDU:2022-05736
Уязвимость браузера Mozilla Firefox, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код
BDU:2022-05740
Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код
BDU:2022-05744
Уязвимость браузера Mozilla Firefox для Android, позволяющая нарушителю вызвать отказ в обслуживании или провести спуфинг-атаки
BDU:2022-06099
Уязвимость браузера Mozilla Firefox, позволяющая нарушителю провести спуфинг-атаки
Modified: 2024-11-21
CVE-2021-29993
Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92.
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1712242%2C1708767%2C1712240%2C1708544%2C1729259
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1712242%2C1708767%2C1712240%2C1708544%2C1729259
- https://www.mozilla.org/security/advisories/mfsa2021-38/
- https://www.mozilla.org/security/advisories/mfsa2021-38/
Modified: 2024-11-21
CVE-2021-38491
Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92.
Modified: 2024-11-21
CVE-2021-38492
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1721107
- https://bugzilla.mozilla.org/show_bug.cgi?id=1721107
- GLSA-202208-14
- GLSA-202208-14
- https://www.mozilla.org/security/advisories/mfsa2021-38/
- https://www.mozilla.org/security/advisories/mfsa2021-38/
- https://www.mozilla.org/security/advisories/mfsa2021-39/
- https://www.mozilla.org/security/advisories/mfsa2021-39/
- https://www.mozilla.org/security/advisories/mfsa2021-40/
- https://www.mozilla.org/security/advisories/mfsa2021-40/
- https://www.mozilla.org/security/advisories/mfsa2021-41/
- https://www.mozilla.org/security/advisories/mfsa2021-41/
- https://www.mozilla.org/security/advisories/mfsa2021-42/
- https://www.mozilla.org/security/advisories/mfsa2021-42/
Modified: 2024-11-21
CVE-2021-38493
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1724101%2C1724107
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1724101%2C1724107
- GLSA-202202-03
- GLSA-202202-03
- GLSA-202208-14
- GLSA-202208-14
- https://www.mozilla.org/security/advisories/mfsa2021-38/
- https://www.mozilla.org/security/advisories/mfsa2021-38/
- https://www.mozilla.org/security/advisories/mfsa2021-39/
- https://www.mozilla.org/security/advisories/mfsa2021-39/
- https://www.mozilla.org/security/advisories/mfsa2021-42/
- https://www.mozilla.org/security/advisories/mfsa2021-42/
Modified: 2024-11-21
CVE-2021-38494
Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 92.
Modified: 2024-11-21
CVE-2021-38495
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1723920%2C1724101%2C1724107
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1723920%2C1724101%2C1724107
- GLSA-202202-03
- GLSA-202202-03
- GLSA-202208-14
- GLSA-202208-14
- https://www.mozilla.org/security/advisories/mfsa2021-40/
- https://www.mozilla.org/security/advisories/mfsa2021-40/
- https://www.mozilla.org/security/advisories/mfsa2021-41/
- https://www.mozilla.org/security/advisories/mfsa2021-41/
Modified: 2024-11-21
CVE-2022-1196
After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Firefox ESR < 91.8.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1750679
- https://bugzilla.mozilla.org/show_bug.cgi?id=1750679
- https://www.mozilla.org/security/advisories/mfsa2022-14/
- https://www.mozilla.org/security/advisories/mfsa2022-14/
- https://www.mozilla.org/security/advisories/mfsa2022-15/
- https://www.mozilla.org/security/advisories/mfsa2022-15/
Package libisc-export-dhcp updated to version 9.11.32-alt2 for branch sisyphus in task 284751.
Closed bugs
Исправить файловые конфликты между пакетами