ALT-BU-2023-5582-1
Branch sisyphus_riscv64 update bulletin.
Package pesign updated to version 116-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2023-00640
Vulnerability in the pesign daemon of the systemd initialization and service management subsystem, allowing an attacker to escalate their privileges
Modified: 2024-11-21
CVE-2022-1249
A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.
Modified: 2025-03-26
CVE-2022-3560
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
Package NetworkManager-openconnect updated to version 1.2.10-alt1 for branch sisyphus_riscv64.
Closed bugs
Unknown username "nm-openconnect" in message bus configuration file in DBus
Package spice-vdagent updated to version 0.22.1-alt1.1 for branch sisyphus_riscv64.
Closed bugs
Circular dependency between systemd services
Package vim updated to version 9.0.1893-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-4733
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c
- https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/
- https://support.apple.com/kb/HT213984
Modified: 2024-11-21
CVE-2023-4734
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5
- https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217
- https://support.apple.com/kb/HT213984
Modified: 2024-11-21
CVE-2023-4735
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57
- https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51
- https://support.apple.com/kb/HT213984
Modified: 2024-11-21
CVE-2023-4736
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c
- https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71
- https://support.apple.com/kb/HT213984
Modified: 2024-11-21
CVE-2023-4738
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1
- https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612
- https://support.apple.com/kb/HT213984
Modified: 2024-11-21
CVE-2023-4750
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed
- https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/
- https://support.apple.com/kb/HT213984
Modified: 2024-11-21
CVE-2023-4752
Use After Free in GitHub repository vim/vim prior to 9.0.1858.
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139
- https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757
- https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/
- https://support.apple.com/kb/HT213984
Modified: 2024-11-21
CVE-2023-4781
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93
- https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883
- https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html
- https://support.apple.com/kb/HT213984
Package docs-alt-server-v updated to version 10.1-alt8 for branch sisyphus_riscv64.
Closed bugs
Error in the description of PVE High Availability configuration in the documentation for Alt Server V.
Inconsistency in the description of the VLAN configuration interface buttons in the documentation for Alt Server V.