An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-08-23
Modified: 2024-11-21

CVE-2021-31566

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2021-07-20
Modified: 2025-11-03

CVE-2021-36976

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Package bind updated to version 9.11.37-alt1 for branch p10 in task 296816.

Published: 2022-09-16
Modified: 2025-07-07

BDU:2022-05754

Уязвимость сервера DNS BIND, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю оказать воздействие на целостность данных

Severity: HIGH (8.6) Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

References:

CVE-2021-25220

Published: 2022-03-23
Modified: 2024-11-21

CVE-2021-25220

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Severity: MEDIUM (6.8) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

References:

Package packagekit updated to version 1.2.5-alt4 for branch p10 in task 296638.

Добавить ожидание сети в systemd-сервис

Не работает удаление пакетов в gnome-sofware

Version: 2.1.2

Branch p10 update on 2022-03-22

ALT-BU-2022-4326-1

ALT-PU-2022-1524-1

Closed vulnerabilities

BDU:2021-03887

BDU:2022-01463

BDU:2022-01464

CVE-2021-23177

CVE-2021-31566

CVE-2021-36976

ALT-PU-2022-1529-1

Closed vulnerabilities

BDU:2022-05754

CVE-2021-25220

ALT-PU-2022-1533-1

Closed bugs

Bug #41633

Bug #42094