ALT Linux Team

Branch sisyphus update on 2023-07-19

2023-07-19

ALT-BU-2023-4464-1

Branch sisyphus update bulletin.

ALT-PU-2023-4448-2

Package eepm updated to version 3.58.1-alt1 for branch sisyphus in task 325093.

Closed bugs

Bug #46967

Не устанавливается Yandex Browser

ALT-PU-2023-4460-2

Package openssh updated to version 9.3p1-alt1 for branch sisyphus in task 324979.

Closed vulnerabilities

Published: 2002-06-06

BDU:2022-01880

Уязвимость средства криптографической защиты OpenSSH, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-09-15
Modified: 2024-11-21

CVE-2016-20012

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2022-03-13
Modified: 2024-11-21

CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed.

Severity: LOW (3.7) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-09-26
Modified: 2024-11-21

CVE-2021-41617

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

Closed bugs

Bug #45029

Неверный код возврата при запуске ssh-agent

ALT-PU-2023-4461-1

Package kernel-image-centos updated to version 5.14.0.340-alt1.el9 for branch sisyphus in task 325112.

Closed vulnerabilities

Published: 2023-02-04

BDU:2023-03170

Уязвимость функции fbcon_set_font() в модуле drivers/video/fbdev/core/fbcon.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2023-06-12
Modified: 2025-03-11

CVE-2023-3161

A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2023-4463-1

Package phosh updated to version 0.29.0-alt1.3 for branch sisyphus in task 325130.

Closed bugs

Bug #46978

Добавить в phosh.service Alias=display-manager.service

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top