ALT-BU-2022-5667-1
Branch sisyphus_riscv64 update bulletin.
Package startup-rescue updated to version 0.43-alt1 for branch sisyphus_riscv64.
Closed bugs
Не находит fstab
Package rsync updated to version 3.2.5-alt0.1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2022-05498
Уязвимость утилиты для передачи и синхронизации файлов Rsync, связанная с ошибками авторизации, позволяющая нарушителю записывать произвольные файлы
Modified: 2024-11-21
CVE-2022-29154
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).
- [oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.
- [oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.
- https://github.com/WayneD/rsync/tags
- https://github.com/WayneD/rsync/tags
- FEDORA-2022-15da0cf165
- FEDORA-2022-15da0cf165
- FEDORA-2022-25e4dbedf9
- FEDORA-2022-25e4dbedf9
Package golang updated to version 1.18.5-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-32189
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.
- https://go.dev/cl/417774
- https://go.dev/cl/417774
- https://go.dev/issue/53871
- https://go.dev/issue/53871
- https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66
- https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66
- https://groups.google.com/g/golang-announce/c/YqYYG87xB10
- https://groups.google.com/g/golang-announce/c/YqYYG87xB10
- https://pkg.go.dev/vuln/GO-2022-0537
- https://pkg.go.dev/vuln/GO-2022-0537