ALT Linux Team

Branch p10 update on 2023-07-13

2023-07-13

ALT-BU-2023-4369-1

Branch p10 update bulletin.

ALT-PU-2023-4095-2

Package usbguard updated to version 1.1.2-alt1 for branch p10 in task 324141.

Closed vulnerabilities

Published: 2019-02-07

BDU:2023-01654

Уязвимость демона usbguard-dbus программного обеспечения защиты USB устройств USBGuard, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-02-24
Modified: 2024-11-21

CVE-2019-25058

An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2023-4143-2

Package desktop-file-utils updated to version 0.26-alt4 for branch p10 in task 324227.

Closed bugs

Bug #46615

update-desktop-database.filetrigger не учитывает $XDG_DATA_DIRS

ALT-PU-2023-4145-2

Package kernel-image-rt updated to version 5.10.186-alt1.rt91 for branch p10 in task 324377.

Closed vulnerabilities

Published: 2023-06-28
Modified: 2025-02-13

CVE-2023-3389

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2023-4246-2

Package xfce4-settings updated to version 4.18.3-alt2 for branch p10 in task 324604.

Closed bugs

Bug #46825

Лишний символ "&" в настройках внешнего вида

ALT-PU-2023-4334-2

Package open-vm-tools updated to version 12.2.5-alt1 for branch p10 in task 324685.

Closed vulnerabilities

Published: 2023-06-13

BDU:2023-03162

Уязвимость модуля vgauth компонента VMware Tools гипервизора VMware ESXi, позволяющая нарушителю оказать влияние на конфиденциальность и целостность защищаемой информации

References:
Published: 2022-11-30
Modified: 2024-11-21

CVE-2021-31693

The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
References:
Published: 2023-06-13
Modified: 2025-03-08

CVE-2023-20867

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top