ALT Linux Team

Branch p10 update on 2023-04-07

2023-04-07

ALT-BU-2023-3116-1

Branch p10 update bulletin.

ALT-PU-2023-1582-1

Package libmicrohttpd updated to version 0.9.76-alt1 for branch p10 in task 317701.

Closed vulnerabilities

Published: 2023-02-28
Modified: 2024-11-21

CVE-2023-27371

GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2023-1585-1

Package alterator-x11 updated to version 1.98.15-alt1 for branch p10 in task 317582.

Closed bugs

Bug #45668

video_scan -s drivers завершается ошибкой

ALT-PU-2023-1586-1

Package kernel-image-un-def updated to version 5.15.105-alt1 for branch p10 in task 317797.

Closed vulnerabilities

Published: 2022-12-14

BDU:2022-07339

Уязвимость драйвера файловой системы NFS ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.4) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
Published: 2023-01-11
Modified: 2024-11-21

CVE-2022-4379

A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top