ALT-BU-2022-6339-1
Branch sisyphus_riscv64 update bulletin.
Package xfce-polkit updated to version 0.3-alt2.g820497b for branch sisyphus_riscv64.
Closed bugs
Запускать только в сеансе по xfce
Package rpm-build-tex updated to version 0.4.4-alt1 for branch sisyphus_riscv64.
Closed bugs
tex.prov.files: неверно обрабатываются файлы, начинающиеся с '-'
Package neofetch updated to version 7.1.0-alt3 for branch sisyphus_riscv64.
Closed bugs
Нет логотипа Альта
Package libxslt updated to version 1.1.37-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2022-03033
Уязвимость компонентов buf.c и tree.c библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Modified: 2024-11-21
CVE-2022-29824
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
- http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html
- http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html
- http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html
- http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd
- https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
- https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
- https://gitlab.gnome.org/GNOME/libxslt/-/tags
- https://gitlab.gnome.org/GNOME/libxslt/-/tags
- [debian-lts-announce] 20220516 [SECURITY] [DLA 3012-1] libxml2 security update
- [debian-lts-announce] 20220516 [SECURITY] [DLA 3012-1] libxml2 security update
- FEDORA-2022-9136d646e4
- FEDORA-2022-9136d646e4
- FEDORA-2022-f624aad735
- FEDORA-2022-f624aad735
- FEDORA-2022-be6d83642a
- FEDORA-2022-be6d83642a
- GLSA-202210-03
- GLSA-202210-03
- https://security.netapp.com/advisory/ntap-20220715-0006/
- https://security.netapp.com/advisory/ntap-20220715-0006/
- DSA-5142
- DSA-5142
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Package cinnamon-desktop updated to version 5.4.2-alt2 for branch sisyphus_riscv64.
Closed bugs
Неверный дефолтный путь до обоев
Package php8.1 updated to version 8.1.11-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-31628
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
- https://bugs.php.net/bug.php?id=81726
- https://bugs.php.net/bug.php?id=81726
- [debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update
- [debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update
- FEDORA-2022-f204e1d0ed
- FEDORA-2022-f204e1d0ed
- FEDORA-2022-afdea1c747
- FEDORA-2022-afdea1c747
- FEDORA-2022-0b77fbd9e7
- FEDORA-2022-0b77fbd9e7
- GLSA-202211-03
- GLSA-202211-03
- https://security.netapp.com/advisory/ntap-20221209-0001/
- https://security.netapp.com/advisory/ntap-20221209-0001/
- DSA-5277
- DSA-5277
Modified: 2024-11-21
CVE-2022-31629
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
- [oss-security] 20240412 PHP security releases 8.1.28, 8.2.18, & 8.3.6
- [oss-security] 20240412 PHP security releases 8.1.28, 8.2.18, & 8.3.6
- https://bugs.php.net/bug.php?id=81727
- https://bugs.php.net/bug.php?id=81727
- [debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update
- [debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update
- FEDORA-2022-f204e1d0ed
- FEDORA-2022-f204e1d0ed
- FEDORA-2024-5e8ae0def0
- FEDORA-2024-5e8ae0def0
- FEDORA-2024-39d50cc975
- FEDORA-2024-39d50cc975
- FEDORA-2022-afdea1c747
- FEDORA-2022-afdea1c747
- FEDORA-2022-0b77fbd9e7
- FEDORA-2022-0b77fbd9e7
- FEDORA-2024-b46619f761
- FEDORA-2024-b46619f761
- GLSA-202211-03
- GLSA-202211-03
- https://security.netapp.com/advisory/ntap-20221209-0001/
- https://security.netapp.com/advisory/ntap-20221209-0001/
- DSA-5277
- DSA-5277