Branch sisyphus update bulletin.

Package fuse updated to version 2.9.9-alt3 for branch sisyphus in task 298325.

libfuse depends on fuse

Package golang updated to version 1.17.9-alt1 for branch sisyphus in task 298387.

Published: 2022-04-20
Modified: 2024-11-21

CVE-2022-24675

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2022-04-20
Modified: 2024-11-21

CVE-2022-27536

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2022-04-20
Modified: 2024-11-21

CVE-2022-28327

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package alterator-osec updated to version 0.2.2-alt1 for branch sisyphus in task 298380.

Не обновляет статус выполнения в Веб-интерфейсе

Неясно применение функции Отправлять отчёт

Не уменьшает значение количество хранимых файлов журнала

Отпечатка в справке (фалов -> файлов)

Version: 2.1.0

Branch sisyphus update on 2022-04-14

ALT-BU-2022-4594-1

ALT-PU-2022-1686-1

Closed bugs

Bug #38714

ALT-PU-2022-1689-1

Closed vulnerabilities

CVE-2022-24675

CVE-2022-27536

CVE-2022-28327

ALT-PU-2022-1690-1

Closed bugs

Bug #42269

Bug #42270

Bug #42272

Bug #42273