ALT-BU-2023-3831-2
Branch sisyphus update bulletin.
Package python3-module-persistent updated to version 5.0-alt2 for branch sisyphus in task 322430.
Closed bugs
Убрать python3-dev из зависимостей
Package gnome-icon-theme updated to version 3.12.0-alt1.1 for branch sisyphus in task 322612.
Closed bugs
Дублирование темы значков "Среда GNOME" в mate-window-manager.
Package lightdm-kde-greeter updated to version 0.4.11-alt1 for branch sisyphus in task 322633.
Closed bugs
Не запоминается логин последнего доменного пользователя
Package mkimage-profiles updated to version 1.5.6-alt1 for branch sisyphus in task 322640.
Closed bugs
btrfs
CPE_NAME в .disk/cpe для ISO образов
Closed vulnerabilities
Modified: 2025-01-22
CVE-2023-33204
sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.
- https://github.com/sysstat/sysstat/pull/360
- https://github.com/sysstat/sysstat/pull/360
- [debian-lts-announce] 20230527 [SECURITY] [DLA 3434-1] sysstat security update
- [debian-lts-announce] 20230527 [SECURITY] [DLA 3434-1] sysstat security update
- FEDORA-2023-4706cef256
- FEDORA-2023-4706cef256
- FEDORA-2023-ac947ec260
- FEDORA-2023-ac947ec260
Closed bugs
/usr/lib/rpm/provided_symbols ignores symbols with
Package NetworkManager-applet-gtk updated to version 1.33.0-alt1.g4909bd30 for branch sisyphus in task 322646.
Closed bugs
Не импортируется конфигурация для соединения VPN: Ошибка сегментирования
Package kernel-image-un-def updated to version 6.3.7-alt1 for branch sisyphus in task 322689.
Closed vulnerabilities
BDU:2023-02627
Уязвимость функции io_sqe_buffer_register() в модуле io_uring/rsrc.c ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии в системе или получить доступ к защищаемой информации
BDU:2023-03172
Уязвимость функции r592_remove() в модуле drivers/memstick/host/r592.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации
Modified: 2024-11-21
CVE-2023-2598
A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.
- [oss-security] 20240424 CVE-2024-0582 - Linux kernel use-after-free vulnerability in io_uring, writeup and exploit strategy
- https://security.netapp.com/advisory/ntap-20230703-0006/
- https://www.openwall.com/lists/oss-security/2023/05/08/3
- [oss-security] 20240424 CVE-2024-0582 - Linux kernel use-after-free vulnerability in io_uring, writeup and exploit strategy
- https://www.openwall.com/lists/oss-security/2023/05/08/3
- https://security.netapp.com/advisory/ntap-20230703-0006/
Modified: 2025-03-11
CVE-2023-3141
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7
- [debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update
- [debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update
- [debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update
- [debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update
- https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw%40mail.gmail.com/t/
- https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw%40mail.gmail.com/t/
- https://security.netapp.com/advisory/ntap-20230706-0004/
- https://security.netapp.com/advisory/ntap-20230706-0004/
Modified: 2024-11-21
CVE-2023-35788
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
- http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html
- [oss-security] 20230617 Re: Linux kernel: off-by-one in fl_set_geneve_opt
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7
- https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c
- [debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update
- [debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update
- https://security.netapp.com/advisory/ntap-20230714-0002/
- DSA-5448
- DSA-5480
- https://www.openwall.com/lists/oss-security/2023/06/07/1
- http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html
- https://www.openwall.com/lists/oss-security/2023/06/07/1
- DSA-5480
- DSA-5448
- https://security.netapp.com/advisory/ntap-20230714-0002/
- [debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update
- [debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update
- https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7
- [oss-security] 20230617 Re: Linux kernel: off-by-one in fl_set_geneve_opt
Package installer-feature-simply-livecd updated to version 10.3.0-alt1 for branch sisyphus in task 322709.
Closed bugs
sed захватывает PARTUUID= вместо UUID= и ломает загрузку
Package python3-module-certifi updated to version 2023.5.7-alt1 for branch sisyphus in task 322622.
Closed vulnerabilities
Modified: 2025-02-12
CVE-2022-23491
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.
- https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
- https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
- https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ
- https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ
- https://security.netapp.com/advisory/ntap-20230223-0010/