Branch sisyphus update bulletin.

Package wget updated to version 1.21.2-alt1 for branch sisyphus in task 285050.

Published: 2021-04-29
Modified: 2024-11-21

CVE-2021-31879

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Package cifs-utils updated to version 6.13-alt3 for branch sisyphus in task 285064.

Published: 2021-04-19
Modified: 2024-11-21

CVE-2021-20208

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

Severity: MEDIUM (4.9) Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

References:

Не работает монтирование сетевой папки с помощью pam_mount

Version: 2.1.2

Branch sisyphus update on 2021-09-13

ALT-BU-2021-4196-1

ALT-PU-2021-2773-1

Closed vulnerabilities

CVE-2021-31879

ALT-PU-2021-2774-1

Closed vulnerabilities

CVE-2021-20208

Closed bugs

Bug #40887