ALT-BU-2023-4011-1
Branch p10_e2k update bulletin.
Package python3-module-mkdocs updated to version 1.4.0-alt1 for branch p10_e2k.
Closed bugs
Icon fonts do not load
Package python3-module-mako updated to version 1.2.4-alt2 for branch p10_e2k.
Closed vulnerabilities
BDU:2023-02444
Vulnerability in the Sqlalchemy mako Python template library, related to an incorrect regular expression, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2022-40023
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.
- https://github.com/sqlalchemy/mako/blob/c2f392e0be52dc67d1b9770ab8cce6a9c736d547/mako/ext/extract.py#L21
- https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c
- https://github.com/sqlalchemy/mako/issues/366
- [debian-lts-announce] 20220921 [SECURITY] [DLA 3116-1] mako security update
- https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
- https://pyup.io/vulnerabilities/CVE-2022-40023/50870/
Closed bugs
Move mako.testing to tests subpackage or remove
Closed vulnerabilities
BDU:2022-05892
Vulnerability in the Dpkg::Source::Archive component of the Dpkg package manager, allowing an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
Modified: 2024-11-21
CVE-2022-1664
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
- https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495
- https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5
- https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b
- https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be
- https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html
- https://lists.debian.org/debian-security-announce/2022/msg00115.html
- https://security.netapp.com/advisory/ntap-20221007-0002/
Package pavucontrol updated to version 5.0-alt2 for branch p10_e2k.
Closed bugs
pulls in pulseaudio-daemon
Closed vulnerabilities
BDU:2022-06389
Vulnerability in the D-Bus inter-process communication system, related to a reachable assertion in debug builds, allowing an attacker to cause a denial of service
BDU:2022-06391
Vulnerability in the D-Bus inter-process communication system, related to a use-after-free memory error, allowing an attacker to cause a denial of service
BDU:2022-06394
Vulnerability in the D-Bus inter-process communication system, related to a boundary error caused by an invalid array of fixed-length elements, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2022-42010
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
- https://gitlab.freedesktop.org/dbus/dbus/-/issues/418
- FEDORA-2022-7a963a79d1
- FEDORA-2022-b0c2f2ab74
- FEDORA-2022-076544c8aa
- GLSA-202305-08
- https://www.openwall.com/lists/oss-security/2022/10/06/1
Modified: 2024-11-21
CVE-2022-42011
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
- https://gitlab.freedesktop.org/dbus/dbus/-/issues/413
- FEDORA-2022-7a963a79d1
- FEDORA-2022-b0c2f2ab74
- FEDORA-2022-076544c8aa
- GLSA-202305-08
- https://www.openwall.com/lists/oss-security/2022/10/06/1
Modified: 2024-11-21
CVE-2022-42012
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
- https://gitlab.freedesktop.org/dbus/dbus/-/issues/417
- FEDORA-2022-7a963a79d1
- FEDORA-2022-b0c2f2ab74
- FEDORA-2022-076544c8aa
- GLSA-202305-08
- https://www.openwall.com/lists/oss-security/2022/10/06/1
Closed bugs
dependency on /proc
Package python3-module-importlib-metadata updated to version 5.1.0-alt1.1 for branch p10_e2k.
Closed bugs
File conflict during dist-upgrade
Package python3-module-keyring updated to version 23.14.0-alt3.1 for branch p10_e2k.
Closed bugs
Update to version whatsapp-for-linux 1.5.2
Please update to 23.14.0
The keyring utility does not work