ALT-BU-2023-5022-1
Branch p10 update bulletin.
Closed bugs
qt5-base: ошибки сборки на архитектуре LoongArch
Package qt5-location updated to version 5.15.10-alt1 for branch p10 in task 320310.
Closed bugs
qt5-location: ошибка сборки с GCC 13
Package qt5-script updated to version 5.15.10-alt1 for branch p10 in task 320310.
Closed bugs
qt5-script: ошибка сборки на LoongArch
Package qt5-webengine updated to version 5.15.14-alt1 for branch p10 in task 320310.
Closed vulnerabilities
Modified: 2025-01-29
BDU:2023-03803
Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных
Modified: 2025-01-27
CVE-2023-32573
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
- https://codereview.qt-project.org/c/qt/qtsvg/+/474093
- https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/
- https://codereview.qt-project.org/c/qt/qtsvg/+/474093
- https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/
Modified: 2025-03-05
CVE-2023-32762
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
- https://codereview.qt-project.org/c/qt/qtbase/+/476140
- https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305
- https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
- https://lists.qt-project.org/pipermail/announce/2023-May/000414.html
- https://codereview.qt-project.org/c/qt/qtbase/+/476140
- https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305
- https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
- https://lists.qt-project.org/pipermail/announce/2023-May/000414.html
Package virtualbox updated to version 6.1.46-alt1 for branch p10 in task 327147.
Closed vulnerabilities
Modified: 2024-11-14
BDU:2023-03898
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-14
BDU:2023-03925
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код или получить полный контроль над приложением
Modified: 2024-01-12
BDU:2023-04240
Уязвимость ядра виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-22016
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22017
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22018
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Package kernel-modules-virtualbox-addition-un-def updated to version 6.1.46-alt1.393514.1 for branch p10 in task 327147.
Closed vulnerabilities
Modified: 2024-11-14
BDU:2023-03898
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-14
BDU:2023-03925
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код или получить полный контроль над приложением
Modified: 2024-01-12
BDU:2023-04240
Уязвимость ядра виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-22016
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22017
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22018
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Package kernel-modules-virtualbox-addition-std-def updated to version 6.1.46-alt1.330429.1 for branch p10 in task 327147.
Closed vulnerabilities
Modified: 2024-11-14
BDU:2023-03898
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-14
BDU:2023-03925
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код или получить полный контроль над приложением
Modified: 2024-01-12
BDU:2023-04240
Уязвимость ядра виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-22016
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22017
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22018
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Package kernel-modules-virtualbox-un-def updated to version 6.1.46-alt1.393514.1 for branch p10 in task 327147.
Closed vulnerabilities
Modified: 2024-11-14
BDU:2023-03898
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-14
BDU:2023-03925
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код или получить полный контроль над приложением
Modified: 2024-01-12
BDU:2023-04240
Уязвимость ядра виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-22016
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22017
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22018
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Package kernel-modules-virtualbox-std-def updated to version 6.1.46-alt1.330429.1 for branch p10 in task 327147.
Closed vulnerabilities
Modified: 2024-11-14
BDU:2023-03898
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-14
BDU:2023-03925
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код или получить полный контроль над приложением
Modified: 2024-01-12
BDU:2023-04240
Уязвимость ядра виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-22016
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22017
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22018
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Closed bugs
duplicate option description in manpage
Не работает опция --no-query-repackage