ALT Linux Team

Branch sisyphus update on 2023-09-12

2023-09-12

ALT-BU-2023-5546-1

Branch sisyphus update bulletin.

ALT-PU-2023-5538-2

Package vim updated to version 9.0.1893-alt1 for branch sisyphus in task 329249.

Closed vulnerabilities

Published: 2023-09-04
Modified: 2024-11-21

CVE-2023-4733

Use After Free in GitHub repository vim/vim prior to 9.0.1840.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-09-02
Modified: 2024-11-21

CVE-2023-4734

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-09-02
Modified: 2024-11-21

CVE-2023-4735

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-09-02
Modified: 2024-11-21

CVE-2023-4736

Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-09-02
Modified: 2024-11-21

CVE-2023-4738

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-09-04
Modified: 2024-11-21

CVE-2023-4750

Use After Free in GitHub repository vim/vim prior to 9.0.1857.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-09-04
Modified: 2024-11-21

CVE-2023-4752

Use After Free in GitHub repository vim/vim prior to 9.0.1858.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-09-05
Modified: 2024-11-21

CVE-2023-4781

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:

ALT-PU-2023-5540-1

Package kernel-image-centos updated to version 5.14.0.364-alt1.el9 for branch sisyphus in task 329267.

Closed vulnerabilities

Published: 2023-07-06

BDU:2023-04270

Уязвимость функции fw_set_parms() в модуле net/sched/cls_fw.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации и повысить свои привилегии

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2023-07-22
Modified: 2025-02-13

CVE-2023-3776

A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2023-5541-1

Package spice-vdagent updated to version 0.22.1-alt1.1 for branch sisyphus in task 329284.

Closed bugs

Bug #47329

Циклическая зависимость сервисов systemd

ALT-PU-2023-5544-1

Package NetworkManager-openconnect updated to version 1.2.10-alt1 for branch sisyphus in task 329323.

Closed bugs

Bug #47321

Unknown username "nm-openconnect" in message bus configuration file в DBus

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top