ALT Linux Team

Branch sisyphus_e2k update on 2021-12-01

2021-12-01

ALT-BU-2021-4464-1

Branch sisyphus_e2k update bulletin.

ALT-PU-2021-4450-1

Package php8.0 updated to version 8.0.13-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2021-11-29

BDU:2022-02394

Уязвимость функции simplexml_load_file() интерпретатора PHP , позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-11-29
Modified: 2024-11-21

CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:

ALT-PU-2021-4451-1

Package php7 updated to version 7.4.26-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2021-11-29

BDU:2022-02394

Уязвимость функции simplexml_load_file() интерпретатора PHP , позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-11-29
Modified: 2024-11-21

CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:

ALT-PU-2021-4452-1

Package php7-curl updated to version 7.4.26-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2021-11-29

BDU:2022-02394

Уязвимость функции simplexml_load_file() интерпретатора PHP , позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-11-29
Modified: 2024-11-21

CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:

ALT-PU-2021-4453-1

Package php7-gd updated to version 7.4.26-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2021-11-29

BDU:2022-02394

Уязвимость функции simplexml_load_file() интерпретатора PHP , позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-11-29
Modified: 2024-11-21

CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:

ALT-PU-2021-4454-1

Package php7-openssl updated to version 7.4.26-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2021-11-29

BDU:2022-02394

Уязвимость функции simplexml_load_file() интерпретатора PHP , позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-11-29
Modified: 2024-11-21

CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:

ALT-PU-2021-4455-1

Package php7-pdo_mysql updated to version 7.4.26-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2021-11-29

BDU:2022-02394

Уязвимость функции simplexml_load_file() интерпретатора PHP , позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-11-29
Modified: 2024-11-21

CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:

ALT-PU-2021-4456-1

Package php7-pgsql updated to version 7.4.26-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2021-11-29

BDU:2022-02394

Уязвимость функции simplexml_load_file() интерпретатора PHP , позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-11-29
Modified: 2024-11-21

CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:

ALT-PU-2021-4457-1

Package php7-zip updated to version 7.4.26-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2021-11-29

BDU:2022-02394

Уязвимость функции simplexml_load_file() интерпретатора PHP , позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-11-29
Modified: 2024-11-21

CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:

ALT-PU-2021-4458-1

Package php7-xsl updated to version 7.4.26-alt1.1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2021-11-29

BDU:2022-02394

Уязвимость функции simplexml_load_file() интерпретатора PHP , позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-11-29
Modified: 2024-11-21

CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:

ALT-PU-2021-4459-1

Package php7-intl updated to version 7.4.26-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2021-11-29

BDU:2022-02394

Уязвимость функции simplexml_load_file() интерпретатора PHP , позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-11-29
Modified: 2024-11-21

CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:

ALT-PU-2021-4460-1

Package php7-opcache updated to version 7.4.26-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2021-11-29

BDU:2022-02394

Уязвимость функции simplexml_load_file() интерпретатора PHP , позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-11-29
Modified: 2024-11-21

CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:

ALT-PU-2021-4461-1

Package php7-xmlrpc updated to version 7.4.26-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2021-11-29

BDU:2022-02394

Уязвимость функции simplexml_load_file() интерпретатора PHP , позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-11-29
Modified: 2024-11-21

CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:

ALT-PU-2021-4462-1

Package php7-tidy updated to version 7.4.26-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2021-11-29

BDU:2022-02394

Уязвимость функции simplexml_load_file() интерпретатора PHP , позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-11-29
Modified: 2024-11-21

CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:

ALT-PU-2021-4463-1

Package blackbox updated to version 0.76-alt2 for branch sisyphus_e2k.

Closed bugs

Bug #41351

Не разрешенные файловые конфликты с пакетом tatham-puzzles

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top