ALT Linux Team

Branch p10 update on 2022-09-09

2022-09-09

ALT-BU-2022-6091-1

Branch p10 update bulletin.

ALT-PU-2022-2580-1

Package zabbix updated to version 6.0.8-alt0.rc2.1 for branch p10 in task 305941.

Closed bugs

Bug #43640

Проблема запуска после обновления на версию 6.0.7

ALT-PU-2022-2583-1

Package papirus-icon-theme updated to version 20220808-alt1 for branch p10 in task 306198.

Closed bugs

Bug #42867

Некорректный цвет значков

ALT-PU-2022-2584-1

Package loki updated to version 2.6.1-alt2 for branch p10 in task 306122.

Closed vulnerabilities

Published: 2021-08-03
Modified: 2024-11-21

CVE-2021-36156

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that location and include some of the contents in the error message.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top