ALT-BU-2021-4316-12
Branch sisyphus update bulletin.
Closed bugs
epm play: Unmet dependencies when installing viber
epm upgrade: Incorrect behavior when passing parameters
Removing sputnik-browser with epm play --remove does not work
Closed bugs
Missing dependency on avalon-framework
Closed vulnerabilities
BDU:2021-05228
Vulnerability in the SAPI component of the PHP-FPM extension of the PHP programming language interpreter, allowing an attacker to escalate their privileges to root
Modified: 2024-11-21
CVE-2021-21703
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
- [oss-security] 20211026 CVE-2021-21703: PHP-FPM 5.3.7 <= 8.0.12 Local Root
- https://bugs.php.net/bug.php?id=81026
- [debian-lts-announce] 20211027 [SECURITY] [DLA 2794-1] php7.0 security update
- FEDORA-2021-02d218c3be
- FEDORA-2021-9f68f5f752
- FEDORA-2021-4140b54de2
- GLSA-202209-20
- https://security.netapp.com/advisory/ntap-20211118-0003/
- DSA-4992
- DSA-4993
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
Closed vulnerabilities
BDU:2021-05228
Vulnerability in the SAPI component of the PHP-FPM extension of the PHP programming language interpreter, allowing an attacker to escalate their privileges to root
Modified: 2024-11-21
CVE-2021-21703
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
- [oss-security] 20211026 CVE-2021-21703: PHP-FPM 5.3.7 <= 8.0.12 Local Root
- https://bugs.php.net/bug.php?id=81026
- [debian-lts-announce] 20211027 [SECURITY] [DLA 2794-1] php7.0 security update
- FEDORA-2021-02d218c3be
- FEDORA-2021-9f68f5f752
- FEDORA-2021-4140b54de2
- GLSA-202209-20
- https://security.netapp.com/advisory/ntap-20211118-0003/
- DSA-4992
- DSA-4993
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
Closed vulnerabilities
BDU:2022-00686
Vulnerability in the BIND DNS server related to uncontrolled resource consumption, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2021-25219
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://kb.isc.org/v1/docs/cve-2021-25219
- [debian-lts-announce] 20211102 [SECURITY] [DLA 2807-1] bind9 security update
- FEDORA-2021-eb8dab50ba
- FEDORA-2021-39b33260b8
- FEDORA-2021-58e7b873b7
- GLSA-202210-25
- https://security.netapp.com/advisory/ntap-20211118-0002/
- DSA-4994
- https://www.oracle.com/security-alerts/cpuapr2022.html