ALT-BU-2023-2332-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2025-04-01
CVE-2023-0411
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0411.json
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0411.json
- https://gitlab.com/wireshark/wireshark/-/issues/18711
- https://gitlab.com/wireshark/wireshark/-/issues/18711
- https://gitlab.com/wireshark/wireshark/-/issues/18720
- https://gitlab.com/wireshark/wireshark/-/issues/18720
- https://gitlab.com/wireshark/wireshark/-/issues/18737
- https://gitlab.com/wireshark/wireshark/-/issues/18737
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update
- https://www.wireshark.org/security/wnpa-sec-2023-06.html
- https://www.wireshark.org/security/wnpa-sec-2023-06.html
Modified: 2025-04-02
CVE-2023-0412
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0412.json
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0412.json
- https://gitlab.com/wireshark/wireshark/-/issues/18770
- https://gitlab.com/wireshark/wireshark/-/issues/18770
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update
- https://www.wireshark.org/security/wnpa-sec-2023-07.html
- https://www.wireshark.org/security/wnpa-sec-2023-07.html
Modified: 2025-04-02
CVE-2023-0413
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0413.json
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0413.json
- https://gitlab.com/wireshark/wireshark/-/issues/18766
- https://gitlab.com/wireshark/wireshark/-/issues/18766
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update
- https://www.wireshark.org/security/wnpa-sec-2023-03.html
- https://www.wireshark.org/security/wnpa-sec-2023-03.html
Modified: 2025-04-02
CVE-2023-0414
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0414.json
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0414.json
- https://gitlab.com/wireshark/wireshark/-/issues/18622
- https://gitlab.com/wireshark/wireshark/-/issues/18622
- https://www.wireshark.org/security/wnpa-sec-2023-01.html
- https://www.wireshark.org/security/wnpa-sec-2023-01.html
Modified: 2025-04-02
CVE-2023-0415
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0415.json
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0415.json
- https://gitlab.com/wireshark/wireshark/-/issues/18796
- https://gitlab.com/wireshark/wireshark/-/issues/18796
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update
- https://www.wireshark.org/security/wnpa-sec-2023-05.html
- https://www.wireshark.org/security/wnpa-sec-2023-05.html
Modified: 2025-04-01
CVE-2023-0416
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0416.json
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0416.json
- https://gitlab.com/wireshark/wireshark/-/issues/18779
- https://gitlab.com/wireshark/wireshark/-/issues/18779
- https://www.wireshark.org/security/wnpa-sec-2023-04.html
- https://www.wireshark.org/security/wnpa-sec-2023-04.html
Modified: 2025-03-31
CVE-2023-0417
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0417.json
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0417.json
- https://gitlab.com/wireshark/wireshark/-/issues/18628
- https://gitlab.com/wireshark/wireshark/-/issues/18628
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update
- https://www.wireshark.org/security/wnpa-sec-2023-02.html
- https://www.wireshark.org/security/wnpa-sec-2023-02.html
Package yandex-browser-stable updated to version 22.11.0.2485-alt1.1 for branch sisyphus in task 313959.
Closed bugs
Не использует прокси-сервер, указанный в переменных окружения
Package NetworkManager-pptp updated to version 1.2.10-alt2 for branch sisyphus in task 314000.
Closed bugs
NetworkManager неактивное поле ввода пароля при создании PPTP-соединения
Closed vulnerabilities
BDU:2023-02153
Уязвимость облачного программного обеспечения для создания и использования хранилища данных Nextcloud, позволяющая нарушителю получить вызвать отказ в обслуживании
BDU:2023-02260
Уязвимость облачного программного обеспечения для создания и использования хранилища данных Nextcloud, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-02261
Уязвимость облачного программного обеспечения для создания и использования хранилища данных Nextcloud, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-25816
Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround is available.
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-53q2-cm29-7j83
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-53q2-cm29-7j83
- https://github.com/nextcloud/server/pull/35965
- https://github.com/nextcloud/server/pull/35965
- https://hackerone.com/reports/1820864
- https://hackerone.com/reports/1820864
Modified: 2024-11-21
CVE-2023-28643
Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the same name, while a memory cache is configured, the second share will replace the first one instead of being renamed to `{name} (2)`. It is recommended that the Nextcloud Server is upgraded to 25.0.3 or 24.0.9. Users unable to upgrade should avoid sharing 2 folders with the same name to the same user.
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhq4-4pr8-wm27
- https://github.com/nextcloud/server/issues/34015
- https://github.com/nextcloud/server/pull/36047
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhq4-4pr8-wm27
- https://github.com/nextcloud/server/pull/36047
- https://github.com/nextcloud/server/issues/34015
Modified: 2024-11-21
CVE-2023-28644
Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability.
Package python3-module-jsonschema updated to version 4.17.3-alt2 for branch sisyphus in task 314007.
Closed bugs
unpackaged `core` files
Package local-policy updated to version 0.6.0-alt1.1 for branch sisyphus in task 313969.
Closed bugs
local-policy requires xmlbeans-scripts