Branch p10_e2k update bulletin.

Package sane updated to version 1.1.1-alt2 for branch p10_e2k.

1.1.1

Package branding-alt-education updated to version 10.1-alt8 for branch p10_e2k.

На панели xfce присутствует значок запуска Chromium, отсутствующего в p10/branch/i586

Package freeipa updated to version 4.9.11-alt0.p10.1 for branch p10_e2k.

Ошибка в связанных пакетах рушит работу системы

Package lyx updated to version 2.3.7-alt1.2 for branch p10_e2k.

Содержит файлы шрифтов, содержащиеся в пакете fonts-ttf-reduce или fonts-ttf-latex-xft

Package flatpak updated to version 1.14.4-alt1 for branch p10_e2k.

Published: 2023-03-16
Modified: 2024-11-21

CVE-2023-28100

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

References:

Published: 2023-03-16
Modified: 2024-11-21

CVE-2023-28101

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References:

Package dnsmasq updated to version 2.89-alt2 for branch p10_e2k.

Published: 2023-03-08

BDU:2023-02265

Уязвимость DNS-сервера Dnsmasq. связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2023-28450

Published: 2023-03-16
Modified: 2025-02-27

CVE-2023-28450

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package perl-WWW-Curl updated to version 4.17-alt8 for branch p10_e2k.

WWW::Curl::Multi broken

Package sisyphus-updates updated to version 0.2-alt1 for branch p10_e2k.

Добавить ветку x86_64-i586

Version: 2.1.0

Branch p10_e2k update on 2023-04-06

ALT-BU-2023-3101-1

ALT-PU-2023-3093-1

Closed bugs

Bug #42408

ALT-PU-2023-3094-1

Closed bugs

Bug #44938

ALT-PU-2023-3095-1

Closed bugs

Bug #43823

ALT-PU-2023-3096-1

Closed bugs

Bug #25332

ALT-PU-2023-3097-1

Closed vulnerabilities

CVE-2023-28100

CVE-2023-28101

ALT-PU-2023-3098-1

Closed vulnerabilities

BDU:2023-02265

CVE-2023-28450

ALT-PU-2023-3099-1

Closed bugs

Bug #41027

ALT-PU-2023-3100-1

Closed bugs

Bug #31605