Branch p10 update bulletin.

Package libmicrohttpd updated to version 0.9.76-alt1 for branch p10 in task 317701.

Published: 2023-02-28
Modified: 2024-11-21

CVE-2023-27371

GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package alterator-x11 updated to version 1.98.15-alt1 for branch p10 in task 317582.

video_scan -s drivers завершается ошибкой

Package kernel-image-un-def updated to version 5.15.105-alt1 for branch p10 in task 317797.

Published: 2022-12-22
Modified: 2024-06-07

BDU:2022-07339

Уязвимость драйвера файловой системы NFS ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.4) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity: HIGH (7.1) Vector: AV:N/AC:H/Au:N/C:C/I:N/A:C

References:

CVE-2022-4379

Published: 2023-01-10
Modified: 2025-04-08

CVE-2022-4379

A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.2

Branch p10 update on 2023-04-07

ALT-BU-2023-3116-1

ALT-PU-2023-1582-1

Closed vulnerabilities

CVE-2023-27371

ALT-PU-2023-1585-1

Closed bugs

Bug #45668

ALT-PU-2023-1586-1

Closed vulnerabilities

BDU:2022-07339

CVE-2022-4379