ALT-BU-2023-3166-1
Branch sisyphus update bulletin.
Package mate-file-archiver updated to version 1.26.0-alt2 for branch sisyphus in task 318370.
Closed bugs
[Локализация] EngTrampa
Package yandex-browser-stable updated to version 23.3.1.916-alt1 for branch sisyphus in task 318365.
Closed vulnerabilities
BDU:2023-00071
Уязвимость функции Overview Mode браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2023-00166
Уязвимость сетевой службы браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
BDU:2023-00392
Уязвимость компонента WebTransport браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2023-00394
Уязвимость реализации технологии WebRTC браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2023-00533
Уязвимость реализации всплывающих окон с запросом на разрешение браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2023-00534
Уязвимость реализации прикладного программного интерфейса File System браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности
BDU:2023-00537
Уязвимость механизма «Downloads» («Загрузки») браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности
BDU:2023-00648
Уязвимость компонента Core веб-браузера Google Chrome, позволяющая нарушителю повысить свои привилегии
BDU:2023-00649
Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2023-00650
Уязвимость компонента Data Transfer веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2023-00651
Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
BDU:2023-00652
Уязвимость пользовательского интерфейса WebUI браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2023-00653
Уязвимость загрузчика веб-браузера Google Chrome, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальной информации
BDU:2023-00654
Уязвимость графического процессора GPU браузеров Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-00754
Уязвимость обработчика JavaScript-сценариев V8 веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2023-00929
Уязвимость реализации технологии WebRTC браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2023-00930
Уязвимость реализации полноэкранного режима (Full Screen Mode) браузера Google Chrome, позволяющая нарушителю изменить содержимое пользовательского интерфейса
BDU:2023-00957
Уязвимость библиотеки SwiftShader браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность данных
BDU:2023-00958
Уязвимость компонента Video браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-00959
Уязвимость режима рендеринга Vulkan браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2023-00960
Уязвимость реализации технологии WebRTC браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2023-00961
Уязвимость функции PDF Viewer браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2023-00972
Уязвимость реализации прикладного программного интерфейса Web Payments браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2023-00973
Уязвимость компонента Prompts браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-00974
Уязвимость компонента Video браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Modified: 2024-11-21
CVE-2023-0128
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2023-0129
Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)
Modified: 2025-03-21
CVE-2023-0130
Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2025-03-21
CVE-2023-0131
Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2025-03-21
CVE-2023-0132
Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2025-03-21
CVE-2023-0133
Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0134
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0135
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0136
Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0137
Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0138
Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Modified: 2024-11-21
CVE-2023-0139
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low)
Modified: 2024-11-21
CVE-2023-0140
Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)
Modified: 2025-03-21
CVE-2023-0141
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Modified: 2024-11-21
CVE-2023-0471
Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2023-0472
Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2023-0473
Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0474
Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0696
Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2023-0697
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2023-0698
Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1403573
- https://crbug.com/1403573
- GLSA-202309-17
- GLSA-202309-17
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1693
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1693
Modified: 2024-11-21
CVE-2023-0699
Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)
Modified: 2025-03-21
CVE-2023-0700
Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0701
Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0702
Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0703
Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)
Modified: 2025-03-21
CVE-2023-0704
Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)
Modified: 2024-11-21
CVE-2023-0705
Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Modified: 2024-11-21
CVE-2023-0927
Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- https://crbug.com/1414738
- https://crbug.com/1414738
- https://security.gentoo.org/glsa/202309-17
- https://security.gentoo.org/glsa/202309-17
Modified: 2024-11-21
CVE-2023-0928
Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- https://crbug.com/1309035
- https://crbug.com/1309035
- https://security.gentoo.org/glsa/202309-17
- https://security.gentoo.org/glsa/202309-17
Modified: 2024-11-21
CVE-2023-0929
Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- https://crbug.com/1399742
- https://crbug.com/1399742
- https://security.gentoo.org/glsa/202309-17
- https://security.gentoo.org/glsa/202309-17
Modified: 2024-11-21
CVE-2023-0930
Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- https://crbug.com/1410766
- https://crbug.com/1410766
- https://security.gentoo.org/glsa/202309-17
- https://security.gentoo.org/glsa/202309-17
Modified: 2024-11-21
CVE-2023-0931
Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- https://crbug.com/1407701
- https://crbug.com/1407701
- https://security.gentoo.org/glsa/202309-17
- https://security.gentoo.org/glsa/202309-17
Modified: 2024-11-21
CVE-2023-0932
Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- https://crbug.com/1413005
- https://crbug.com/1413005
- https://security.gentoo.org/glsa/202309-17
- https://security.gentoo.org/glsa/202309-17
Modified: 2024-11-21
CVE-2023-0933
Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
- https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- https://crbug.com/1404864
- https://crbug.com/1404864
- https://security.gentoo.org/glsa/202309-17
- https://security.gentoo.org/glsa/202309-17
Modified: 2024-11-21
CVE-2023-0941
Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- https://crbug.com/1415366
- https://crbug.com/1415366
- https://security.gentoo.org/glsa/202309-17
- https://security.gentoo.org/glsa/202309-17
Closed bugs
Не предоставляет webclient
Closed bugs
В расширенном режиме перепутаны кнопки округления в большую/меньшую сторону в mate-calc
Package mate-screensaver updated to version 1.26.1-alt2 for branch sisyphus in task 318375.
Closed bugs
В MATE alt-customize-branding не изменяет оформление экрана блокировки