ALT Linux Team

Branch p10 update on 2022-09-02

2022-09-02

ALT-BU-2022-5917-1

Branch p10 update bulletin.

ALT-PU-2022-2533-1

Package gem-rexml updated to version 3.2.5-alt1 for branch p10 in task 305519.

Closed vulnerabilities

Published: 2021-04-12

BDU:2022-00302

Уязвимость интерпретатора языка программирования Ruby, связанная с неверным ограничением XML-ссылок на внешние объекты, позволяющая нарушителю оказать воздействие на целостность данных

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
Published: 2021-04-21
Modified: 2024-11-21

CVE-2021-28965

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References:

ALT-PU-2022-2539-1

Package grilo updated to version 0.3.15-alt1 for branch p10 in task 305447.

Closed vulnerabilities

Published: 2021-08-22
Modified: 2024-11-21

CVE-2021-39365

In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top