ALT Linux Team

Branch sisyphus_mipsel update on 2022-04-22

2022-04-22

ALT-BU-2022-4690-1

Branch sisyphus_mipsel update bulletin.

ALT-PU-2022-4682-1

Package alterator-ldap-users updated to version 0.8.6-alt2 for branch sisyphus_mipsel.

Closed bugs

Bug #41389

Невозможен вход доменного пользователя, созданного с использованием alterator-ldap / netcmdplus

Bug #41391

Не добавляется фотография при создании пользователя

ALT-PU-2022-4683-1

Package fribidi updated to version 1.0.12-alt1 for branch sisyphus_mipsel.

Closed vulnerabilities

Published: 2022-04-08

BDU:2022-02658

Уязвимость функции fribidi_remove_bidi_marks() библиотеки GNU FriBidi, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-04-08

BDU:2022-02659

Уязвимость библиотеки GNU FriBidi, вызванная переполнением буфера на стеке, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-04-08

BDU:2022-02660

Уязвимость функции fribidi_cap_rtl_to_unicode библиотеки GNU FriBidi, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-09-06
Modified: 2024-11-21

CVE-2022-25308

A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-09-06
Modified: 2024-11-21

CVE-2022-25309

A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2022-09-06
Modified: 2024-11-21

CVE-2022-25310

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:

ALT-PU-2022-4684-1

Package branding-alt-server updated to version 10.1-alt1 for branch sisyphus_mipsel.

Closed bugs

Bug #41514

При потере фокуса выбранный пользователь не подсвечивается в списке

ALT-PU-2022-4685-1

Package qt6-base updated to version 6.2.2-alt2 for branch sisyphus_mipsel.

Closed bugs

Bug #42468

rpm-macros-qt6 misrequires qt6-base-common

ALT-PU-2022-4686-1

Package librsync updated to version 2.3.2-alt2 for branch sisyphus_mipsel.

Closed bugs

Bug #42493

rdiff: Library does not support trace.

ALT-PU-2022-4687-1

Package libinput updated to version 1.20.1-alt1 for branch sisyphus_mipsel.

Closed vulnerabilities

Published: 2022-04-20

BDU:2022-02695

Уязвимость функции evdev_log_msg библиотеки libinput реализации протоколов серверов отображения X.Org и Wayland, позволяющая нарушителю выполнить произвольный код с повышенными привилегиями

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-06-02
Modified: 2024-11-21

CVE-2022-1215

A format string vulnerability was found in libinput

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2022-4688-1

Package system-config-printer updated to version 1.5.16-alt3 for branch sisyphus_mipsel.

Closed bugs

Bug #42485

Не работает кнопка "Start service"

ALT-PU-2022-4689-1

Package vim updated to version 8.2.4784-alt1 for branch sisyphus_mipsel.

Closed vulnerabilities

Published: 2022-04-13

BDU:2022-03269

Уязвимость реализации функции skip_range() текстового редактора Vim, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (7.8) Vector: AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
References:
Published: 2022-04-14

BDU:2022-03270

Уязвимость текстового редактора Vim, связанная со смещением указателя за границы выделенной памяти, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.8) Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
References:
Published: 2022-04-18
Modified: 2024-11-21

CVE-2022-1381

global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-04-21
Modified: 2024-11-21

CVE-2022-1420

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top