ALT Linux Team

Branch sisyphus_riscv64 update on 2021-11-30

2021-11-30

ALT-BU-2021-4445-1

Branch sisyphus_riscv64 update bulletin.

ALT-PU-2021-4437-1

Package pacemaker updated to version 2.1.2-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2020-10-27

BDU:2021-03617

Уязвимость программного средства управления ресурсами кластера Pacemaker, связанная с недостатками контроля доступа, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании

Severity: HIGH (7.2) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-11-24
Modified: 2024-11-21

CVE-2020-25654

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.

Severity: HIGH (7.2) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2021-4438-1

Package espeak updated to version 1.48.04-alt3 for branch sisyphus_riscv64.

Closed bugs

Bug #41463

espeak-data: конфликты при обновлении

ALT-PU-2021-4439-1

Package apache2 updated to version 2.4.51-alt2 for branch sisyphus_riscv64.

Closed bugs

Bug #41456

Зависит от systemd

ALT-PU-2021-4440-1

Package ethtool updated to version 5.15-alt1 for branch sisyphus_riscv64.

Closed bugs

Bug #41460

В README.ALT осталось упоминание init-скрипта

ALT-PU-2021-4441-1

Package bluez updated to version 5.62-alt2 for branch sisyphus_riscv64.

Closed bugs

Bug #41458

Требует /bin/systemctl

ALT-PU-2021-4442-1

Package alterator-setup updated to version 0.3.14-alt1 for branch sisyphus_riscv64.

Closed bugs

Bug #41457

alterator-setup зависит от systemd

ALT-PU-2021-4443-1

Package drbd-utils updated to version 9.19.1-alt3 for branch sisyphus_riscv64.

Closed bugs

Bug #41454

Зависит от systemd

ALT-PU-2021-4444-1

Package elinks updated to version 0.14.3-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2018-02-23
Modified: 2024-11-21

CVE-2012-6709

ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top