ALT Linux Team

Branch sisyphus update on 2022-08-05

2022-08-05

ALT-BU-2022-5672-2

Branch sisyphus update bulletin.

ALT-PU-2022-2346-1

Package python3 updated to version 3.10.6-alt1 for branch sisyphus in task 304753.

Closed vulnerabilities

Published: 2022-08-23
Modified: 2025-12-17

CVE-2021-28861

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

Severity: HIGH (7.4) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
References:

ALT-PU-2022-2348-2

Package cups updated to version 2.4.2-alt1 for branch sisyphus in task 304732.

Closed vulnerabilities

Published: 2022-08-01
Modified: 2024-09-30

BDU:2022-04718

Уязвимость сервера печати CUPS, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии

Severity: MEDIUM (6.7) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM (6.8) Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
References:
Published: 2022-05-26
Modified: 2024-11-21

CVE-2022-26691

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: MEDIUM (6.7) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:

Closed bugs

Bug #43413

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top