ALT-BU-2022-5517-1
Branch p10_e2k update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
Package branding-alt-workstation updated to version 10.0.900-alt1 for branch p10_e2k.
Closed bugs
При потере фокуса выбранный пользователь не подсвечивается в списке
Closed vulnerabilities
Modified: 2022-10-18
BDU:2022-04307
Уязвимость библиотеки приложений exo среды рабочего стола XFCE, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2022-32278
XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.
- https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f
- https://lists.debian.org/debian-lts-announce/2022/06/msg00018.html
- https://www.debian.org/security/2022/dsa-5164
- https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f
- https://lists.debian.org/debian-lts-announce/2022/06/msg00018.html
- https://www.debian.org/security/2022/dsa-5164
Closed bugs
Обновить до версии 5.1
Package installer-alterator-pkg updated to version 3.0.1-alt1 for branch p10_e2k.
Closed bugs
Groups multiple lists