ALT-BU-2022-6985-1
Branch sisyphus update bulletin.
Package myconnector updated to version 2.4-alt1 for branch sisyphus in task 309670.
Closed bugs
Текстовый редактор - pluma - не найден!
На Workstation K 9.2 не работает киоск с веб-страницей
Дублируется локализация в подсказке для кнопки "Режим КИОСК"
Package xfce4-settings updated to version 4.17.1-alt1 for branch sisyphus in task 309703.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-45062
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.
- https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7
- https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7
- https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110
- https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110
- https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390
- https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390
- https://gitlab.xfce.org/xfce/xfce4-settings/-/tags
- https://gitlab.xfce.org/xfce/xfce4-settings/-/tags
- FEDORA-2022-7febff96e0
- FEDORA-2022-7febff96e0
- GLSA-202305-05
- GLSA-202305-05
- DSA-5296
- DSA-5296
Package make-initrd updated to version 2.32.1-alt1 for branch sisyphus in task 309711.
Closed bugs
При генерации - ошибка luks
Package plasma5-kwin updated to version 5.26.2-alt2 for branch sisyphus in task 309715.
Closed bugs
Артефакты при открытии окна на весь экран
Closed vulnerabilities
BDU:2022-06892
Уязвимость серверного программного обеспечения HAProxy, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальным данным
BDU:2022-06893
Уязвимость функции htx_add_header компонента include/haproxy/htx.h серверного программного обеспечения HAProxy, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2022-06897
Уязвимость серверного программного обеспечения HAProxy, связанная с недостатками в обработке исключительных состояний, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2022-06920
Уязвимость серверного программного обеспечения HAProxy, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-00287
Уязвимость метода HTTP серверного программного обеспечения HAProxy, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю оказать воздействие на целостность данных
Modified: 2024-11-21
CVE-2021-39240
An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/2 server) might differ from what the routing rules were intended to achieve.
- https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=4b8852c70d8c4b7e225e24eb58258a15eb54c26e
- https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=4b8852c70d8c4b7e225e24eb58258a15eb54c26e
- https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=a495e0d94876c9d39763db319f609351907a31e8
- https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=a495e0d94876c9d39763db319f609351907a31e8
- FEDORA-2021-3ab4512c98
- FEDORA-2021-3ab4512c98
- FEDORA-2021-e6557245e8
- FEDORA-2021-e6557245e8
- DSA-4960
- DSA-4960
- https://www.mail-archive.com/haproxy%40formilux.org/msg41041.html
- https://www.mail-archive.com/haproxy%40formilux.org/msg41041.html
Modified: 2024-11-21
CVE-2021-39241
An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such as in the "GET /admin? HTTP/1.1 /static/images HTTP/1.1" example.
- https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=89265224d314a056d77d974284802c1b8a0dc97f
- https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=89265224d314a056d77d974284802c1b8a0dc97f
- FEDORA-2021-3ab4512c98
- FEDORA-2021-3ab4512c98
- FEDORA-2021-e6557245e8
- FEDORA-2021-e6557245e8
- DSA-4960
- DSA-4960
- https://www.mail-archive.com/haproxy%40formilux.org/msg41041.html
- https://www.mail-archive.com/haproxy%40formilux.org/msg41041.html
Modified: 2024-11-21
CVE-2021-39242
An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.
- https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=b5d2b9e154d78e4075db163826c5e0f6d31b2ab1
- https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=b5d2b9e154d78e4075db163826c5e0f6d31b2ab1
- FEDORA-2021-3ab4512c98
- FEDORA-2021-3ab4512c98
- FEDORA-2021-e6557245e8
- FEDORA-2021-e6557245e8
- DSA-4960
- DSA-4960
- https://www.mail-archive.com/haproxy%40formilux.org/msg41041.html
- https://www.mail-archive.com/haproxy%40formilux.org/msg41041.html
Modified: 2024-11-21
CVE-2021-40346
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
- https://git.haproxy.org/?p=haproxy.git
- https://git.haproxy.org/?p=haproxy.git
- https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95
- https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95
- https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/
- https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/
- [cloudstack-dev] 20210910 CVE-2021-40346 (haproxy 2.x)
- [cloudstack-dev] 20210910 CVE-2021-40346 (haproxy 2.x)
- [cloudstack-dev] 20210910 Re: CVE-2021-40346 (haproxy 2.x)
- [cloudstack-dev] 20210910 Re: CVE-2021-40346 (haproxy 2.x)
- FEDORA-2021-3493f9f6ab
- FEDORA-2021-3493f9f6ab
- FEDORA-2021-cd5ee418f6
- FEDORA-2021-cd5ee418f6
- DSA-4968
- DSA-4968
- https://www.mail-archive.com/haproxy%40formilux.org
- https://www.mail-archive.com/haproxy%40formilux.org
- https://www.mail-archive.com/haproxy%40formilux.org/msg41114.html
- https://www.mail-archive.com/haproxy%40formilux.org/msg41114.html
Modified: 2024-11-21
CVE-2022-0711
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.
- https://access.redhat.com/security/cve/cve-2022-0711
- https://access.redhat.com/security/cve/cve-2022-0711
- https://github.com/haproxy/haproxy/commit/bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8
- https://github.com/haproxy/haproxy/commit/bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8
- DSA-5102
- DSA-5102
- https://www.mail-archive.com/haproxy%40formilux.org/msg41833.html
- https://www.mail-archive.com/haproxy%40formilux.org/msg41833.html