ALT-BU-2022-5574-2
Branch sisyphus update bulletin.
Package gtk2-theme-arc updated to version 20220405-alt1 for branch sisyphus in task 304118.
Closed bugs
Перевод пакета gtk2-theme-arc на форк (оригинал заброшен в 2017 году)
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-25643
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.
- https://github.com/kennylevinsen/seatd/commit/10658dc5439db429af0088295a051c53925a4416
- https://github.com/kennylevinsen/seatd/commit/10658dc5439db429af0088295a051c53925a4416
- https://github.com/kennylevinsen/seatd/commit/7cffe0797fdb17a9c08922339465b1b187394335
- https://github.com/kennylevinsen/seatd/commit/7cffe0797fdb17a9c08922339465b1b187394335
- https://github.com/kennylevinsen/seatd/compare/0.6.3...0.6.4
- https://github.com/kennylevinsen/seatd/compare/0.6.3...0.6.4
- https://github.com/kennylevinsen/seatd/tags
- https://github.com/kennylevinsen/seatd/tags
- https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E
- https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E
- https://nvd.nist.gov/vuln/detail/CVE-2022-25643
- https://nvd.nist.gov/vuln/detail/CVE-2022-25643
Package kernel-image-centos updated to version 5.14.0.135-alt1.el9 for branch sisyphus in task 304134.
Closed vulnerabilities
BDU:2022-04733
Уязвимость функция nft_set_elem_init файла net/netfilter/nf_tables_api.c компонента User Namespace Handler ядра операционной системы Linux, позволяющая нарушителю получить root доступ
Modified: 2024-11-21
CVE-2022-34918
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
- http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html
- http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html
- http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html
- http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html
- [oss-security] 20220705 Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init
- [oss-security] 20220705 Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init
- [oss-security] 20220806 Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init
- [oss-security] 20220806 Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6
- https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452%40randorisec.fr/T/#u
- https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452%40randorisec.fr/T/#u
- https://security.netapp.com/advisory/ntap-20220826-0004/
- https://security.netapp.com/advisory/ntap-20220826-0004/
- DSA-5191
- DSA-5191
- https://www.openwall.com/lists/oss-security/2022/07/02/3
- https://www.openwall.com/lists/oss-security/2022/07/02/3
- https://www.randorisec.fr/crack-linux-firewall/
- https://www.randorisec.fr/crack-linux-firewall/
Package kernel-image-un-def updated to version 5.18.13-alt1 for branch sisyphus in task 304135.
Closed vulnerabilities
BDU:2022-04725
Уязвимость функции clear_bss ядра операционных систем Linux, связанная с ошибками при очистке начального символа блока (.bss), позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2022-36123
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13
- https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md
- https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md
- https://github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0
- https://github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0
- https://github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884
- https://github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884
- https://security.netapp.com/advisory/ntap-20220901-0003/
- https://security.netapp.com/advisory/ntap-20220901-0003/
- https://sick.codes/sick-2022-128
- https://sick.codes/sick-2022-128
Closed vulnerabilities
BDU:2022-04910
Уязвимость системы работы с заявками и инцидентами GLPI, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю осуществлять межсайтовые сценарные атаки
Modified: 2024-11-21
CVE-2022-31056
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade.
- http://packetstormsecurity.com/files/171656/GLPI-10.0.2-SQL-Injection-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/171656/GLPI-10.0.2-SQL-Injection-Remote-Code-Execution.html
- https://github.com/glpi-project/glpi/security/advisories/GHSA-9q9x-7xxh-w4cg
- https://github.com/glpi-project/glpi/security/advisories/GHSA-9q9x-7xxh-w4cg
Modified: 2024-11-21
CVE-2022-31061
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
- https://github.com/glpi-project/glpi/commit/21ae07d00d0b3230f6235386e98388cfc5bb0514
- https://github.com/glpi-project/glpi/commit/21ae07d00d0b3230f6235386e98388cfc5bb0514
- https://github.com/glpi-project/glpi/security/advisories/GHSA-w2gc-v2gm-q7wq
- https://github.com/glpi-project/glpi/security/advisories/GHSA-w2gc-v2gm-q7wq
Modified: 2024-11-21
CVE-2022-31068
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated. This issue has been addressed in version 10.0.2 and all affected users are advised to upgrade.
- https://github.com/glpi-project/glpi/commit/9953a644777e4167b06db9e14fc93b945a557be5
- https://github.com/glpi-project/glpi/commit/9953a644777e4167b06db9e14fc93b945a557be5
- https://github.com/glpi-project/glpi/security/advisories/GHSA-g4hm-6vfr-q3wg
- https://github.com/glpi-project/glpi/security/advisories/GHSA-g4hm-6vfr-q3wg
Package python3-module-ruamel-yaml updated to version 0.17.21-alt1 for branch sisyphus in task 304105.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-20478
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases.