ALT Linux Team

Branch sisyphus_e2k update on 2023-07-20

2023-07-20

ALT-BU-2023-4491-1

Branch sisyphus_e2k update bulletin.

ALT-PU-2023-4488-1

Package curl updated to version 8.2.0-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2023-07-27
Modified: 2023-11-07

CVE-2023-32001

Rejected reason: We issued this CVE pre-maturely, as we have subsequently realized that this issue points out a problem that there really is no safe measures around or protections for.

ALT-PU-2023-4489-1

Package openssh updated to version 9.3p2-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2002-06-06

BDU:2022-01880

Уязвимость средства криптографической защиты OpenSSH, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-09-26

BDU:2023-03837

Уязвимость средства криптографической защиты OpenSSH, связанная с небезопасным управлением привилегиями, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2021-09-15
Modified: 2024-11-21

CVE-2016-20012

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2022-03-13
Modified: 2024-11-21

CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed.

Severity: LOW (3.7) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2021-09-26
Modified: 2024-11-21

CVE-2021-41617

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

Closed bugs

Bug #45029

Неверный код возврата при запуске ssh-agent

ALT-PU-2023-4490-1

Package eepm updated to version 3.58.2-alt1 for branch sisyphus_e2k.

Closed bugs

Bug #46967

Не устанавливается Yandex Browser

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top