ALT-BU-2023-5494-2
Branch p10 update bulletin.
Package kde5-kwalletmanager updated to version 23.04.3-alt1 for branch p10 in task 316284.
Closed bugs
Ошибка "Не удалось найти модуль «kwalletconfig5»" при попытке открыть настройки бумажника
Package docker-buildx updated to version 0.11.2-alt2 for branch p10 in task 328628.
Closed bugs
не корректная информация о версии
Package docker-engine updated to version 24.0.5-alt1 for branch p10 in task 328628.
Closed bugs
Не использует опции Docker: DOCKER_NETWORK_OPTIONS → OPTIONS
Closed bugs
Enable python binding
Closed vulnerabilities
Modified: 2025-08-07
BDU:2022-07359
Уязвимость реализации поддержки WISPR диспетчера соединений Connman, связанная с использованием памяти после ее освобождения, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Modified: 2025-08-07
BDU:2022-07360
Уязвимость компонента gweb диспетчера соединений Connman, связанная с записью за границами выделенного диапазона памяти, позволяющая нарушителю выполнить произвольный код
Modified: 2023-09-20
BDU:2023-03868
Уязвимость компонента client.c диспетчера соединений ConnMan, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-32292
In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.
- https://bugzilla.suse.com/show_bug.cgi?id=1200189
- https://lore.kernel.org/connman/20220801080043.4861-5-wagi%40monom.org/
- https://security.gentoo.org/glsa/202310-21
- https://www.debian.org/security/2022/dsa-5231
- https://bugzilla.suse.com/show_bug.cgi?id=1200189
- https://lore.kernel.org/connman/20220801080043.4861-5-wagi%40monom.org/
- https://security.gentoo.org/glsa/202310-21
- https://www.debian.org/security/2022/dsa-5231
Modified: 2024-11-21
CVE-2022-32293
In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.
- https://bugzilla.suse.com/show_bug.cgi?id=1200190
- https://lore.kernel.org/connman/20220801080043.4861-1-wagi%40monom.org/
- https://lore.kernel.org/connman/20220801080043.4861-3-wagi%40monom.org/
- https://security.gentoo.org/glsa/202310-21
- https://www.debian.org/security/2022/dsa-5231
- https://bugzilla.suse.com/show_bug.cgi?id=1200190
- https://lore.kernel.org/connman/20220801080043.4861-1-wagi%40monom.org/
- https://lore.kernel.org/connman/20220801080043.4861-3-wagi%40monom.org/
- https://security.gentoo.org/glsa/202310-21
- https://www.debian.org/security/2022/dsa-5231
Modified: 2025-02-08
CVE-2023-28488
client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process.
- https://github.com/moehw/poc_exploits/tree/master/CVE-2023-28488
- https://kernel.googlesource.com/pub/scm/network/connman/connman/+/99e2c16ea1cced34a5dc450d76287a1c3e762138
- https://lists.debian.org/debian-lts-announce/2023/04/msg00024.html
- https://www.debian.org/security/2023/dsa-5416
- https://github.com/moehw/poc_exploits/tree/master/CVE-2023-28488
- https://kernel.googlesource.com/pub/scm/network/connman/connman/+/99e2c16ea1cced34a5dc450d76287a1c3e762138
- https://lists.debian.org/debian-lts-announce/2023/04/msg00024.html
- https://www.debian.org/security/2023/dsa-5416
Package containerd updated to version 1.7.2-alt1 for branch p10 in task 328628.
Closed vulnerabilities
Modified: 2024-09-13
BDU:2023-01488
Уязвимость среды выполнения контейнеров Containerd, связанная с недостатками разграничения доступа, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или выполнить произвольный код
Modified: 2024-04-27
BDU:2023-01489
Уязвимость среды выполнения контейнеров Containerd, связанная с отсутствием ограничения на количество байтов, считываемых для определенных файлов, при импорте образов OCI, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-25153
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
- https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4
- https://github.com/containerd/containerd/releases/tag/v1.5.18
- https://github.com/containerd/containerd/releases/tag/v1.6.18
- https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2
- https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4
- https://github.com/containerd/containerd/releases/tag/v1.5.18
- https://github.com/containerd/containerd/releases/tag/v1.6.18
- https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2
Modified: 2024-11-21
CVE-2023-25173
containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups.
- https://github.com/advisories/GHSA-4wjj-jwc9-2x96
- https://github.com/advisories/GHSA-fjm8-m7m6-2fjp
- https://github.com/advisories/GHSA-phjr-8j92-w5v7
- https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a
- https://github.com/containerd/containerd/releases/tag/v1.5.18
- https://github.com/containerd/containerd/releases/tag/v1.6.18
- https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p
- https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
- https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
- https://github.com/advisories/GHSA-4wjj-jwc9-2x96
- https://github.com/advisories/GHSA-fjm8-m7m6-2fjp
- https://github.com/advisories/GHSA-phjr-8j92-w5v7
- https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a
- https://github.com/containerd/containerd/releases/tag/v1.5.18
- https://github.com/containerd/containerd/releases/tag/v1.6.18
- https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p
- https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
- https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
Modified: 2024-09-07
GHSA-259w-8hf6-59c2
OCI image importer memory exhaustion in github.com/containerd/containerd
- https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2
- https://nvd.nist.gov/vuln/detail/CVE-2023-25153
- https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4
- https://github.com/containerd/containerd
- https://github.com/containerd/containerd/releases/tag/v1.5.18
- https://github.com/containerd/containerd/releases/tag/v1.6.18
- https://pkg.go.dev/vuln/GO-2023-1573
Modified: 2024-09-07
GHSA-hmfx-3pcx-653p
Supplementary groups are not set up properly in github.com/containerd/containerd
- https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p
- https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
- https://nvd.nist.gov/vuln/detail/CVE-2023-25173
- https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a
- https://github.com/advisories/GHSA-4wjj-jwc9-2x96
- https://github.com/advisories/GHSA-fjm8-m7m6-2fjp
- https://github.com/advisories/GHSA-phjr-8j92-w5v7
- https://github.com/containerd/containerd
- https://github.com/containerd/containerd/releases/tag/v1.5.18
- https://github.com/containerd/containerd/releases/tag/v1.6.18
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
- https://pkg.go.dev/vuln/GO-2023-1574
- https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation
Closed vulnerabilities
BDU:2023-05718
Уязвимость файла go.mod языка программирования Go, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
BDU:2024-07759
Уязвимость функции HandleData() пакета crypto/tls языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-07762
Уязвимость пакета html/template языка программирования Go, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
BDU:2024-07763
Уязвимость пакета html/template языка программирования Go, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
Modified: 2024-11-21
CVE-2023-39318
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in