ALT Linux Team

Branch sisyphus_e2k update on 2023-07-04

2023-07-04

ALT-BU-2023-4175-1

Branch sisyphus_e2k update bulletin.

ALT-PU-2023-4170-1

Package usbguard updated to version 1.1.2-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2019-02-07

BDU:2023-01654

Уязвимость демона usbguard-dbus программного обеспечения защиты USB устройств USBGuard, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-02-24
Modified: 2024-11-21

CVE-2019-25058

An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2023-4171-1

Package eepm updated to version 3.57.12-alt1 for branch sisyphus_e2k.

Closed bugs

Bug #46501

epm play vinteo.desktop: программа не устанавливается

Bug #46508

epm play lycheeslicer: программа не устанавливается

Bug #46509

epm play synology-drive: проблемы с установкой программы

ALT-PU-2023-4172-1

Package exiv2 updated to version 0.27.7-alt1.1 for branch sisyphus_e2k.

Closed bugs

Bug #46748

Сборка с поддержкой BMFF

ALT-PU-2023-4173-1

Package libjpeg8 updated to version 3.0.0-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2023-05-26
Modified: 2025-01-16

CVE-2023-2804

A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:

ALT-PU-2023-4174-1

Package desktop-file-utils updated to version 0.26-alt4 for branch sisyphus_e2k.

Closed bugs

Bug #46615

update-desktop-database.filetrigger не учитывает $XDG_DATA_DIRS

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top