Branch p10 update bulletin.

Package fribidi updated to version 1.0.12-alt1 for branch p10 in task 298803.

Published: 2022-04-08

BDU:2022-02658

Уязвимость функции fribidi_remove_bidi_marks() библиотеки GNU FriBidi, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2022-25310

Published: 2022-04-08

BDU:2022-02659

Уязвимость библиотеки GNU FriBidi, вызванная переполнением буфера на стеке, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2022-25308

Published: 2022-04-08

BDU:2022-02660

Уязвимость функции fribidi_cap_rtl_to_unicode библиотеки GNU FriBidi, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2022-25309

Published: 2022-09-06
Modified: 2024-11-21

CVE-2022-25308

A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-09-06
Modified: 2024-11-21

CVE-2022-25309

A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2022-09-06
Modified: 2024-11-21

CVE-2022-25310

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Package system-config-printer updated to version 1.5.16-alt3 for branch p10 in task 298684.

не тянет по зависямостям пакет cups

Не работает кнопка "Start service"

Package qt5-webengine updated to version 5.15.9-alt1 for branch p10 in task 298743.

Published: 2022-03-02
Modified: 2024-11-21

CVE-2022-25634

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Version: 2.1.0

Branch p10 update on 2022-04-23

ALT-BU-2022-4694-1

ALT-PU-2022-1742-1

Closed vulnerabilities

BDU:2022-02658

BDU:2022-02659

BDU:2022-02660

CVE-2022-25308

CVE-2022-25309

CVE-2022-25310

ALT-PU-2022-1743-1

Closed bugs

Bug #42186

Bug #42485

ALT-PU-2022-1749-1

Closed vulnerabilities

CVE-2022-25634