BDU:2022-05325

Уязвимость компонента inflate.c библиотеки zlib, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2022-37434

Published: 2022-08-05
Modified: 2025-05-30

CVE-2022-37434

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package xfce4-settings updated to version 4.17.1-alt1 for branch sisyphus_e2k.

Published: 2022-11-09
Modified: 2025-05-01

CVE-2022-45062

In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package xinit updated to version 1.4.1-alt2 for branch sisyphus_e2k.

без xterm не работает

Version: 2.1.2

Branch sisyphus_e2k update on 2022-11-12

ALT-BU-2022-7035-1

ALT-PU-2022-7032-1

Closed vulnerabilities

BDU:2022-05325

CVE-2022-37434

ALT-PU-2022-7033-1

Closed vulnerabilities

CVE-2022-45062

ALT-PU-2022-7034-1

Closed bugs

Bug #43833