ALT-BU-2023-2795-1
Branch sisyphus_mipsel update bulletin.
Package golang updated to version 1.19.7-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2023-02657
Vulnerability in the ScalarMult and ScalarBaseMult methods of the Go programming language that allows an attacker to affect the integrity of protected information
Modified: 2024-11-21
CVE-2023-24532
The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.
- https://go.dev/cl/471255
- https://go.dev/issue/58647
- https://groups.google.com/g/golang-announce/c/3-TpUx48iQY
- https://pkg.go.dev/vuln/GO-2023-1621
- https://security.netapp.com/advisory/ntap-20230331-0011/
Package awstats updated to version 7.9-alt0.1 for branch sisyphus_mipsel.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-29600
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891469
- https://github.com/eldy/awstats/issues/90
- [debian-lts-announce] 20201223 [SECURITY] [DLA 2506-1] awstats security update
- FEDORA-2020-d1aa0e030c
Modified: 2024-11-21
CVE-2020-35176
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
- https://github.com/eldy/awstats/issues/195
- [debian-lts-announce] 20201223 [SECURITY] [DLA 2506-1] awstats security update
- FEDORA-2020-d1aa0e030c
- FEDORA-2020-4cba5f2846
Modified: 2025-04-24
CVE-2022-46391
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
- https://github.com/eldy/AWStats/pull/226
- [debian-lts-announce] 20221205 [SECURITY] [DLA 3225-1] awstats security update
- FEDORA-2023-b645c7feda
- FEDORA-2023-fda5480804