ALT-BU-2023-2558-2
Branch p10 update bulletin.
Package fontconfig updated to version 2.13.1-alt5 for branch p10 in task 314821.
Closed bugs
fontconfig: please, register font.dtd in system xml catalog
fontconfig.filetrigger calls egrep(1)
Package xorg-server updated to version 1.20.14-alt7 for branch p10 in task 314787.
Closed vulnerabilities
BDU:2023-00910
Use-after-free vulnerability in the ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() functions of the X.Org Server software package, allowing an attacker to execute arbitrary code
Modified: 2025-02-24
CVE-2023-0494
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
- https://bugzilla.redhat.com/show_bug.cgi?id=2165995
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec
- https://lists.x.org/archives/xorg-announce/2023-February/003320.html
- GLSA-202305-30
Package xorg-xwayland updated to version 22.1.8-alt1 for branch p10 in task 314787.
Closed bugs
FR: Don't initialize glamor on softpipe
Package yandex-browser-stable updated to version 22.11.0.2485-alt1.1 for branch p10 in task 313985.
Closed bugs
Does not use the proxy server specified in environment variables
Closed vulnerabilities
BDU:2023-00578
Vulnerability in the smoothscroll function of the Vim text editor, allowing an attacker to affect the confidentiality, integrity and availability of protected information
Modified: 2024-11-21
CVE-2023-0512
Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.
- 20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3
- 20230327 APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4
- 20230327 APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5
- https://github.com/vim/vim/commit/870219c58c0804bdc55419b2e455c06ac715a835
- https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74
- FEDORA-2023-030318ca00
- https://support.apple.com/kb/HT213670
- https://support.apple.com/kb/HT213675
- https://support.apple.com/kb/HT213677
Closed bugs
Bash syntax highlighting in vim works incorrectly
Package java-17-openjdk updated to version 17.0.6.0.10-alt1 for branch p10 in task 314967.
Closed vulnerabilities
BDU:2023-00510
Vulnerability in the JSSE component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine, allowing an attacker to cause a denial of service
BDU:2023-03640
Vulnerability in the Sound component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine, allowing an attacker to gain access to modify, add or delete data
Modified: 2024-11-21
CVE-2023-21835
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Modified: 2024-11-21
CVE-2023-21843
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).