Branch sisyphus update bulletin.

Package python3-module-future updated to version 0.18.3-alt1 for branch sisyphus in task 321135.

Published: 2022-12-22

BDU:2023-02446

Уязвимость программы совместимости версий Python Charmers Future, связанная с некорректным регулярным выражением, позволяющая нарушителю вызывать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2022-40899

Published: 2022-12-23
Modified: 2025-04-15

CVE-2022-40899

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package dbus updated to version 1.14.6-alt2 for branch sisyphus in task 321145.

зависимость на /proc

Package boost updated to version 1.80.0-alt2 for branch sisyphus in task 321125.

boost: поддержка архитектуры LoongArch

boost: упрощение начальной сборки

Package kernel-image-mp updated to version 6.2.16-alt1 for branch sisyphus in task 321158.

Published: 2023-04-14

BDU:2023-02605

Уязвимость функции qfq_change_class() ядра операционных систем Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации.

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: MEDIUM (6.8) Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

References:

CVE-2023-31436

Published: 2023-04-28
Modified: 2024-11-21

CVE-2023-31436

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Package curl updated to version 8.1.0-alt1 for branch sisyphus in task 321126.

Published: 2023-04-19

BDU:2023-02895

Уязвимость библиотеки libcurl, связанная с ошибками при отправке HTTP-запросов POST и PUT с использованием одного и того же дескриптора, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2023-28322

Published: 2023-05-26
Modified: 2025-01-15

CVE-2023-28319

A use after free vulnerability exists in curl

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2023-05-26
Modified: 2025-01-15

CVE-2023-28320

A denial of service vulnerability exists in curl

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2023-05-26
Modified: 2025-01-15

CVE-2023-28321

An improper certificate validation vulnerability exists in curl

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Published: 2023-05-26
Modified: 2024-11-21

CVE-2023-28322

An information disclosure vulnerability exists in curl

Severity: LOW (3.7) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Package shadow updated to version 4.13-alt5 for branch sisyphus in task 321172.

Published: 2023-04-14
Modified: 2025-02-06

CVE-2023-29383

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

Severity: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References:

Package kernelshark updated to version 2.2.0-alt4 for branch sisyphus in task 321173.

Некорректное отображение графика

Ошибка при запуске из каталога с пробелом в названии

Version: 2.1.2

Branch sisyphus update on 2023-05-19

ALT-BU-2023-3602-1

ALT-PU-2023-1823-1

Closed vulnerabilities

BDU:2023-02446

CVE-2022-40899

ALT-PU-2023-1824-1

Closed bugs

Bug #45542

ALT-PU-2023-1825-1

Closed bugs

Bug #46181

Bug #46182

ALT-PU-2023-1826-1

Closed vulnerabilities

BDU:2023-02605

CVE-2023-31436

ALT-PU-2023-1827-1

Closed vulnerabilities

BDU:2023-02895

CVE-2023-28319

CVE-2023-28320

CVE-2023-28321

CVE-2023-28322

ALT-PU-2023-1828-1

Closed vulnerabilities

CVE-2023-29383

ALT-PU-2023-1829-1

Closed bugs

Bug #46184

Bug #46185