ALT-BU-2022-5414-1
Branch sisyphus_mipsel update bulletin.
Package git updated to version 2.33.4-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2022-04385
Уязвимость распределенной системы управления версиями Git, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии или выполнить произвольные команды
Modified: 2024-11-21
CVE-2022-29187
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.
- 20221107 APPLE-SA-2022-11-01-1 Xcode 14.1
- 20221107 APPLE-SA-2022-11-01-1 Xcode 14.1
- [oss-security] 20220713 Git v2.37.1 and friends for CVE-2022-29187
- [oss-security] 20220713 Git v2.37.1 and friends for CVE-2022-29187
- https://github.blog/2022-04-12-git-security-vulnerability-announced
- https://github.blog/2022-04-12-git-security-vulnerability-announced
- https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v
- https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v
- [debian-lts-announce] 20221213 [SECURITY] [DLA 3239-1] git security update
- [debian-lts-announce] 20221213 [SECURITY] [DLA 3239-1] git security update
- FEDORA-2022-2a5de7cb8b
- FEDORA-2022-2a5de7cb8b
- FEDORA-2023-470c7ea49e
- FEDORA-2023-470c7ea49e
- FEDORA-2023-1068309389
- FEDORA-2023-1068309389
- FEDORA-2022-dfd7e7fc0e
- FEDORA-2022-dfd7e7fc0e
- FEDORA-2023-3ec32f6d4e
- FEDORA-2023-3ec32f6d4e
- FEDORA-2023-e3c8abd37e
- FEDORA-2023-e3c8abd37e
- https://lore.kernel.org/git/xmqqv8s2fefi.fsf%40gitster.g/T/#u
- https://lore.kernel.org/git/xmqqv8s2fefi.fsf%40gitster.g/T/#u
- GLSA-202312-15
- GLSA-202312-15
- GLSA-202401-17
- GLSA-202401-17
- https://support.apple.com/kb/HT213496
- https://support.apple.com/kb/HT213496
Package nginx updated to version 1.22.0-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
- https://alpaca-attack.com/
- https://alpaca-attack.com/
- https://bugzilla.redhat.com/show_bug.cgi?id=1975623
- https://bugzilla.redhat.com/show_bug.cgi?id=1975623
- [debian-lts-announce] 20221122 [SECURITY] [DLA 3203-1] nginx security update
- [debian-lts-announce] 20221122 [SECURITY] [DLA 3203-1] nginx security update
Package pacemaker updated to version 2.1.4-alt2 for branch sisyphus_mipsel.
Closed bugs
pacemaker-cli 2.1.4-alt1 зависит от putty, который зависит от графических библиотек
Package protobuf-c updated to version 1.4.1-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2023-03313
Уязвимость функции parse_required_member() протокола сериализации данных protobuf-c, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код и привести систему к полной компрометации
Modified: 2024-11-21
CVE-2022-33070
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Modified: 2025-02-07
CVE-2022-48468
protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.
- https://github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217
- https://github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217
- https://github.com/protobuf-c/protobuf-c/issues/499
- https://github.com/protobuf-c/protobuf-c/issues/499
- https://github.com/protobuf-c/protobuf-c/pull/513
- https://github.com/protobuf-c/protobuf-c/pull/513
- https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1
- https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1
- FEDORA-2023-4e094d5297
- FEDORA-2023-4e094d5297
- FEDORA-2023-8b0938312e
- FEDORA-2023-8b0938312e
- FEDORA-2023-6cfe134db6
- FEDORA-2023-6cfe134db6
Package docs-alt-server updated to version 10.1-alt2 for branch sisyphus_mipsel.
Closed bugs
Опечатка в пункте 45.1. "Настройка smb.conf" в документации docs-alt-server
Опечатки в пункте 25.4. "MATE: Меню Система" в документации docs-alt-server
Ошибка в синтаксисе команды proxmox-backup-client в разделе 53.6.3. Восстановление данных
Некорректное отображение команды и результата её выполнения в разделе 53.7. Интеграция с PVE
Ошибки при выполнении команд из раздела 53.7. Интеграция с PVE
Несоответствие текста и скриншота в разделе Глава 16. Администратор системы
Package docs-alt-kworkstation updated to version 10.1-alt2 for branch sisyphus_mipsel.
Closed bugs
Опечатка в примечании о создании подтомов в документации для Workstation K 10.1
Ошибка в примечании о установке загрузчика в документации для Workstation K 10.1
Некорректный синтаксис команды для установки пакетов для работы сканеров в документации для Workstation K 10.1