ALT-BU-2022-3813-2
Branch sisyphus update bulletin.
Package python3-module-mkdocs updated to version 1.2.3-alt1 for branch sisyphus in task 294062.
Closed bugs
Не загружаются иконочные шрифты
Closed bugs
исправить octave.filetrigger, чтобы он не пытался использовать window system
Closed bugs
Некорректное отображение на системе ALT Education
Closed vulnerabilities
Modified: 2024-04-03
BDU:2022-00744
Уязвимость функции конфиденциальности Fenced Frames браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-04-03
BDU:2022-00745
Уязвимость реализации push-уведомлений браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-04-03
BDU:2022-00750
Уязвимость набора инструментов для веб-разработки DevTools браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Modified: 2024-09-30
BDU:2022-00792
Уязвимость диспетчера задачTask Manager браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
Modified: 2024-09-24
BDU:2022-00834
Уязвимость функции изоляции сайтов (Site Isolation) браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Modified: 2024-04-03
BDU:2022-00857
Уязвимость компонента Data Transfer браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Modified: 2024-04-03
BDU:2022-00864
Уязвимость компонента Web packaging браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Modified: 2024-04-03
BDU:2022-00865
Уязвимость службы Optimization Guide браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Modified: 2024-04-03
BDU:2022-00866
Уязвимость реализации функции автозаполнения Autofill браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти существующие ограничения безопасности
Modified: 2024-04-03
BDU:2022-00867
Уязвимость службы Safe Browsing браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Modified: 2024-04-03
BDU:2022-00868
Уязвимость компонента Storage браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности
Modified: 2024-04-03
BDU:2022-00874
Уязвимость адресной строки Omnibox браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Modified: 2024-04-03
BDU:2022-01053
Уязвимость компонента Task Manager браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
Modified: 2024-11-21
CVE-2022-0289
Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- http://packetstormsecurity.com/files/166547/Chrome-safe_browsing-ThreatDetails-OnReceivedThreatDOMDetails-Use-After-Free.html
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
- https://crbug.com/1284367
- http://packetstormsecurity.com/files/166547/Chrome-safe_browsing-ThreatDetails-OnReceivedThreatDOMDetails-Use-After-Free.html
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
- https://crbug.com/1284367
Modified: 2024-11-21
CVE-2022-0290
Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- http://packetstormsecurity.com/files/166080/Chrome-RenderFrameHostImpl-Use-After-Free.html
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
- https://crbug.com/1260134
- http://packetstormsecurity.com/files/166080/Chrome-RenderFrameHostImpl-Use-After-Free.html
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
- https://crbug.com/1260134
Modified: 2024-11-21
CVE-2022-0291
Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0292
Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0293
Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0294
Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0295
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0296
Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0297
Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0298
Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0300
Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0301
Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0302
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0304
Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0305
Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0306
Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- http://packetstormsecurity.com/files/166367/Chrome-chrome_pdf-PDFiumEngine-RequestThumbnail-Heap-Buffer-Overflow.html
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
- https://crbug.com/1283198
- http://packetstormsecurity.com/files/166367/Chrome-chrome_pdf-PDFiumEngine-RequestThumbnail-Heap-Buffer-Overflow.html
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
- https://crbug.com/1283198
Modified: 2024-11-21
CVE-2022-0307
Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0308
Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0309
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0310
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.
Modified: 2024-11-21
CVE-2022-0311
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Closed vulnerabilities
Modified: 2024-04-27
BDU:2023-07627
Уязвимость конфигурационного файла Grub, связанная с настройками прав доступа по умолчанию, позволяющая нарушителю получить доступ к конфиденциальным данным
Modified: 2024-11-21
CVE-2021-3981
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.
- http://www.openwall.com/lists/oss-security/2024/01/15/3
- https://bugzilla.redhat.com/show_bug.cgi?id=2024170
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AI776L35DDYPCSAAJPJM3ZEQYSFZHBJX/
- https://security.gentoo.org/glsa/202209-12
- http://www.openwall.com/lists/oss-security/2024/01/15/3
- https://bugzilla.redhat.com/show_bug.cgi?id=2024170
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AI776L35DDYPCSAAJPJM3ZEQYSFZHBJX/
- https://security.gentoo.org/glsa/202209-12