Branch sisyphus_mipsel update bulletin.

Package startup-rescue updated to version 0.43-alt1 for branch sisyphus_mipsel.

Не находит fstab

Package rsync updated to version 3.2.5-alt0.1 for branch sisyphus_mipsel.

Published: 2022-08-02

BDU:2022-05498

Уязвимость утилиты для передачи и синхронизации файлов Rsync, связанная с ошибками авторизации, позволяющая нарушителю записывать произвольные файлы

Severity: HIGH (7.4) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

References:

CVE-2022-29154

Published: 2022-08-02
Modified: 2024-11-21

CVE-2022-29154

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).

Severity: HIGH (7.4) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

References:

Package golang updated to version 1.18.5-alt1 for branch sisyphus_mipsel.

Published: 2022-08-10
Modified: 2024-11-21

CVE-2022-32189

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package gnutls30 updated to version 3.7.7-alt1 for branch sisyphus_mipsel.

Published: 2022-08-01
Modified: 2024-11-21

CVE-2022-2509

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package docs-alt-workstation updated to version 10.1-alt2 for branch sisyphus_mipsel.

Документация docs-alt-workstation - Опечатка в частице "то"

Документация docs-alt-workstation пункт 35.3. Центр приложений - Нет выделения для названия кнопки дополнительных сведений

Документация docs-alt-workstation пункт 35.3. Центр приложений - опечатки

Документация docs-alt-workstation пункт 34.2. Xsane - опечатки

Документация docs-alt-workstation пункт 34.2. Xsane - в поле "Назначение" нет значений "Файл", "Просмотр"

Package npm updated to version 8.11.0-alt2 for branch sisyphus_mipsel.

Published: 2023-06-13

BDU:2023-03309

Уязвимость пакетного менеджера npm, связанная с раскрытием информации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

CVE-2022-29244

Published: 2022-06-13
Modified: 2024-11-21

CVE-2022-29244

npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the latest, patched version of npm v8.11.0, run: npm i -g npm@latest . Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Missing node-gyp

Version: 2.1.0

Branch sisyphus_mipsel update on 2022-08-04

ALT-BU-2022-5663-1

ALT-PU-2022-5657-1

Closed bugs

Bug #43376

ALT-PU-2022-5658-1

Closed vulnerabilities

BDU:2022-05498

CVE-2022-29154

ALT-PU-2022-5659-1

Closed vulnerabilities

CVE-2022-32189

ALT-PU-2022-5660-1

Closed vulnerabilities

CVE-2022-2509

ALT-PU-2022-5661-1

Closed bugs

Bug #43358

Bug #43369

Bug #43394

Bug #43398

Bug #43400

ALT-PU-2022-5662-1

Closed vulnerabilities

BDU:2023-03309

CVE-2022-29244

Closed bugs

Bug #42036