ALT-BU-2023-3421-1
Branch sisyphus_mipsel update bulletin.
Package plymouth updated to version 22.02.122-alt1.20221016 for branch sisyphus_mipsel.
Closed bugs
Splash is not shown if output to the serial console is enabled
plymouth does not work on UEFI with the un-def kernel
Package alterator-setup updated to version 0.3.16-alt1 for branch sisyphus_mipsel.
Closed bugs
X does not start after installation on a board without a video card
Package golang updated to version 1.20.4-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2023-03470
Vulnerability in the Go programming language related to errors in handling the special characters "<>" in a CSS context, allowing an attacker to execute arbitrary code
BDU:2023-03471
Vulnerability in the Go programming language related to errors in handling whitespace characters in a JavaScript context, allowing an attacker to affect the confidentiality, integrity and availability of protected information
BDU:2023-03472
Vulnerability in the Go programming language caused by failure to neutralize special elements, allowing an attacker to inject arbitrary attributes into HTML tags
Modified: 2025-01-24
CVE-2023-24539
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.
- https://go.dev/cl/491615
- https://go.dev/issue/59720
- https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
- https://pkg.go.dev/vuln/GO-2023-1751
- https://security.netapp.com/advisory/ntap-20241129-0005/
Modified: 2025-01-24
CVE-2023-24540
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
- https://go.dev/cl/491616
- https://go.dev/issue/59721
- https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
- https://pkg.go.dev/vuln/GO-2023-1752
- https://security.netapp.com/advisory/ntap-20241115-0008/
Modified: 2025-01-24
CVE-2023-29400
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
- https://go.dev/cl/491617
- https://go.dev/issue/59722
- https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
- https://pkg.go.dev/vuln/GO-2023-1753
- https://security.netapp.com/advisory/ntap-20241213-0005/
Package wireshark updated to version 4.0.5-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2023-03347
Vulnerability in the RPCoRDMA dissector of the Wireshark network traffic analyzer, allowing an attacker to cause a denial of service
Modified: 2025-03-06
CVE-2023-1161
ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1161.json
- https://gitlab.com/wireshark/wireshark/-/issues/18839
- [debian-lts-announce] 20230429 [SECURITY] [DLA 3402-1] wireshark security update
- GLSA-202309-02
- DSA-5429
- https://www.wireshark.org/security/wnpa-sec-2023-08.html
Modified: 2025-02-07
CVE-2023-1992
RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1992.json
- https://gitlab.com/wireshark/wireshark/-/issues/18852
- [debian-lts-announce] 20230429 [SECURITY] [DLA 3402-1] wireshark security update
- FEDORA-2023-f70fbf64cb
- FEDORA-2023-7af3ad9ffe
- FEDORA-2023-203eff67e0
- GLSA-202309-02
- DSA-5429
- https://www.wireshark.org/security/wnpa-sec-2023-09.html
Modified: 2025-02-07
CVE-2023-1993
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1993.json
- https://gitlab.com/wireshark/wireshark/-/issues/18900
- [debian-lts-announce] 20230429 [SECURITY] [DLA 3402-1] wireshark security update
- FEDORA-2023-f70fbf64cb
- FEDORA-2023-7af3ad9ffe
- FEDORA-2023-203eff67e0
- GLSA-202309-02
- DSA-5429
- https://www.wireshark.org/security/wnpa-sec-2023-10.html
Modified: 2025-02-07
CVE-2023-1994
GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1994.json
- https://gitlab.com/wireshark/wireshark/-/issues/18947
- [debian-lts-announce] 20230429 [SECURITY] [DLA 3402-1] wireshark security update
- FEDORA-2023-f70fbf64cb
- FEDORA-2023-7af3ad9ffe
- FEDORA-2023-203eff67e0
- GLSA-202309-02
- DSA-5429
- https://www.wireshark.org/security/wnpa-sec-2023-11.html
Package python3-module-pyxdg updated to version 0.28-alt1.1 for branch sisyphus_mipsel.
Closed bugs
Remove the dependency on python3(nose)
Package python3-module-markdown updated to version 3.4.3-alt1.1 for branch sisyphus_mipsel.
Closed bugs
Remove the dependency on python3(nose)
Package python3-module-arrow updated to version 1.2.3-alt1.1 for branch sisyphus_mipsel.
Closed bugs
Remove the dependency on python3(nose)
Package python3-module-dateparser updated to version 1.1.8-alt1.2 for branch sisyphus_mipsel.
Closed bugs
Remove the dependency on python3(nose)
Package python3-module-colour updated to version 0.1.5-alt4.1 for branch sisyphus_mipsel.
Closed bugs
Remove the dependency on python3(nose)
Package python3-module-keyring updated to version 23.14.0-alt2 for branch sisyphus_mipsel.
Closed bugs
Update to whatsapp-for-linux version 1.5.2
Package pcmanfm-qt updated to version 1.3.0-alt3 for branch sisyphus_mipsel.
Closed bugs
Unrequested closing of the pcmanfm-qt window on unmount
Package make-initrd-bootchain updated to version 0.1.5-alt15 for branch sisyphus_mipsel.
Closed bugs
ISO images with plymouth do not boot if console=ttyS0 or console=tty0 is specified in cmdline
The error of a missing squash with the given name is not handled when booting a whole ISO image over the network