ALT Linux Team

Branch sisyphus_mipsel update on 2022-09-24

2022-09-24

ALT-BU-2022-6281-1

Branch sisyphus_mipsel update bulletin.

ALT-PU-2022-6279-1

Package python3-module-werkzeug updated to version 2.2.2-alt1 for branch sisyphus_mipsel.

Closed vulnerabilities

Published: 2022-02-17

BDU:2022-06319

Уязвимость библиотеки веб-приложений Pallets Werkzeug, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-05-25
Modified: 2024-11-21

CVE-2022-29361

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2022-6280-1

Package libstfl0 updated to version 0.24-alt10 for branch sisyphus_mipsel.

Closed bugs

Bug #43862

cannot load such file -- stfl

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top