ALT Linux Team

Branch sisyphus update on 2022-03-24

2022-03-24

ALT-BU-2022-4377-1

Branch sisyphus update bulletin.

ALT-PU-2022-1554-1

Package gnome-builder updated to version 42.0-alt1 for branch sisyphus in task 296812.

Closed bugs

Bug #41815

Кнопка Начать новый проект -> нет пробела между словами

ALT-PU-2022-1555-1

Package frr updated to version 8.2.2-alt1 for branch sisyphus in task 296987.

Closed vulnerabilities

Published: 2022-03-03

BDU:2022-05218

Уязвимость функции babel_packet_examin() (babeld/message.c) программного средства реализации сетевой маршрутизации на Unix-подобных системах FRRouting, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2022-03-03

BDU:2022-05222

Уязвимость функции babel_packet_examin() (babeld/message.c) программного средства реализации сетевой маршрутизации на Unix-подобных системах FRRouting, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2022-03-03

BDU:2022-05223

Уязвимость функций parse_hello_subtlv(), parse_ihu_subtlv() и parse_update_subtl() программного средства реализации сетевой маршрутизации на Unix-подобных системах FRRouting, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2022-03-03
Modified: 2024-11-21

CVE-2022-26125

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-03-03
Modified: 2024-11-21

CVE-2022-26126

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-03-03
Modified: 2024-11-21

CVE-2022-26127

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-03-03
Modified: 2024-11-21

CVE-2022-26128

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-03-03
Modified: 2024-11-21

CVE-2022-26129

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:

ALT-PU-2022-1556-1

Package rsyslog updated to version 8.2202.0-alt1 for branch sisyphus in task 297015.

Closed bugs

Bug #37239

Неправильный порядок загрузки конфигурации из /etc/rsyslog.d

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top