ALT-BU-2022-6148-2
Branch p10 update bulletin.
Package gimagereader updated to version 3.4.0-alt3 for branch p10 in task 305921.
Closed bugs
Некорректная работа со сканером МФУ Inc. f+ imaging M60ade
Package open-vm-tools updated to version 12.1.0-alt1 for branch p10 in task 306078.
Closed vulnerabilities
BDU:2022-02316
Уязвимость набора утилит VMware Tools для операционных систем Windows, связанная с использованием ненадёжного пути поиска, позволяющая нарушителю выполнить произвольный код с системными привилегиями
BDU:2024-09868
Уязвимость компонента mount.vmhgfs набора модулей для продуктов VMware Open-vm-tools, связанная с неверным определением символических ссылок перед доступом к файлу, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2009-1143
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).
Modified: 2024-11-21
CVE-2011-1681
vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
- [oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- 44904
- https://bugzilla.redhat.com/show_bug.cgi?id=688980
- vmware-vmwarehgfsmounter-sec-bypass(66699)
- openSUSE-SU-2011:0617
- [oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- openSUSE-SU-2011:0617
- vmware-vmwarehgfsmounter-sec-bypass(66699)
- https://bugzilla.redhat.com/show_bug.cgi?id=688980
- 44904
- [oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
- [oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
Modified: 2024-11-21
CVE-2022-22943
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-31001
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue.
- https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36
- https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36
- https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
- https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
- [debian-lts-announce] 20220902 [SECURITY] [DLA 3091-1] sofia-sip security update
- [debian-lts-announce] 20220902 [SECURITY] [DLA 3091-1] sofia-sip security update
- GLSA-202210-18
- GLSA-202210-18
- DSA-5410
- DSA-5410
Package virtualbox updated to version 6.1.38-alt1 for branch p10 in task 306105.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-39422
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2022-39423
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
Package kernel-modules-virtualbox-addition-un-def updated to version 6.1.38-alt1.331583.1 for branch p10 in task 306105.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-39422
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2022-39423
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
Package kernel-modules-virtualbox-un-def updated to version 6.1.38-alt1.331583.1 for branch p10 in task 306105.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-39422
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2022-39423
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
Package kernel-modules-virtualbox-std-def updated to version 6.1.38-alt1.330379.1 for branch p10 in task 306105.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-39422
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2022-39423
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
Package kernel-modules-virtualbox-addition-std-def updated to version 6.1.38-alt1.330379.1 for branch p10 in task 306105.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-39422
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2022-39423
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).