ALT-BU-2022-7581-1
Branch sisyphus_riscv64 update bulletin.
Package dovecot updated to version 2.3.20-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-30550
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.
- https://dovecot.org/security
- https://dovecot.org/security
- [debian-lts-announce] 20220927 [SECURITY] [DLA 3122-1] dovecot security update
- [debian-lts-announce] 20220927 [SECURITY] [DLA 3122-1] dovecot security update
- GLSA-202310-19
- GLSA-202310-19
- https://www.dovecot.org/download/
- https://www.dovecot.org/download/
- https://www.openwall.com/lists/oss-security/2022/07/08/1
- https://www.openwall.com/lists/oss-security/2022/07/08/1
Package kernel-image-un-def updated to version 6.0.15-alt1.0.rv64 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2022-07218
Уязвимость функции l2cap_config_req (net/bluetooth/l2cap_core.c) ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2022-45934
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
- https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d
- https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d
- [debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update
- [debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- FEDORA-2022-90162a1d88
- FEDORA-2022-90162a1d88
- https://security.netapp.com/advisory/ntap-20230113-0008/
- https://security.netapp.com/advisory/ntap-20230113-0008/
- DSA-5324
- DSA-5324
Package docs-alt-server-v updated to version 10.1-alt4 for branch sisyphus_riscv64.
Closed bugs
Опечатка в 31.5.1. LDAP аутентификация в слове сопоставлены
Опечатка в названии файла для добавления DEFAULT_AUTH в docs-alt-server-v
В документации указан отсутствующий функционал oneuser enable/disable в docs-alt-server-v
В разделе 45.4. надпись не соответствует картинке в docs-alt-server-v
Опечатка в 31.5.1. в названии параметра способа авторизации в sunstone в docs-alt-server-v
Опечатка в разделе 28.3. в командах по добавлению узлов opennebula в docs-alt-server-v