ALT-BU-2023-5815-1
Branch p10_e2k update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-41910
An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c.
- https://github.com/lldpd/lldpd/commit/a9aeabdf879c25c584852a0bb5523837632f099b
- https://github.com/lldpd/lldpd/releases/tag/1.0.17
- [debian-lts-announce] 20230922 [SECURITY] [DLA 3578-1] lldpd security update
- DSA-5505
Package spice-vdagent updated to version 0.22.1-alt1.1 for branch p10_e2k.
Closed bugs
Cyclic dependency between systemd services
Closed vulnerabilities
BDU:2023-05534
Vulnerability in the vim_regsub_both() function of the Vim text editor that allows an attacker to affect the confidentiality, integrity and availability of protected information
BDU:2023-05667
Vulnerability in the bt_quickfix function of the vim text editor that allows an attacker to execute arbitrary code
BDU:2023-05668
Vulnerability in the buflist_altfpos function of the vim text editor that allows an attacker to execute arbitrary code
BDU:2023-05669
Vulnerability in the ins_compl_get_exp function of the vim text editor that allows an attacker to execute arbitrary code
BDU:2023-05670
Vulnerability in the vim text editor, related to the use of an untrusted search path, that allows an attacker to execute arbitrary code
BDU:2023-05671
Vulnerability in the f_fullcommand function of the vim text editor, caused by an integer overflow, that allows an attacker to execute arbitrary code
BDU:2023-05672
Vulnerability in the vim text editor, related to an out-of-bounds write to a memory buffer, that allows an attacker to execute arbitrary code
BDU:2023-05673
Vulnerability in the vim_regsub_both function of the vim text editor that allows an attacker to execute arbitrary code
Modified: 2024-11-21
CVE-2023-4733
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c
- https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/
- https://support.apple.com/kb/HT213984
Modified: 2024-11-21
CVE-2023-4734
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5
- https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217
- https://support.apple.com/kb/HT213984
Modified: 2024-11-21
CVE-2023-4735
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57
- https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51
- https://support.apple.com/kb/HT213984
Modified: 2024-11-21
CVE-2023-4736
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c
- https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71
- https://support.apple.com/kb/HT213984
Modified: 2024-11-21
CVE-2023-4738
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1
- https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612
- https://support.apple.com/kb/HT213984
Modified: 2024-11-21
CVE-2023-4750
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed
- https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/
- https://support.apple.com/kb/HT213984
Modified: 2024-11-21
CVE-2023-4752
Use After Free in GitHub repository vim/vim prior to 9.0.1858.
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139
- https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757
- https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/
- https://support.apple.com/kb/HT213984
Modified: 2024-11-21
CVE-2023-4781
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93
- https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883
- https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html
- https://support.apple.com/kb/HT213984
Closed vulnerabilities
Modified: 2025-02-13
CVE-2023-3823
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, various XML functions rely on libxml global state to track configuration variables, such as whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling the appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, change that global state for their internal purposes, and leave it in a state where external entity loading is enabled. This can lead to a situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.
- https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr
- https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/
- https://security.netapp.com/advisory/ntap-20230825-0001/
Modified: 2025-02-13
CVE-2023-3824
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, potentially leading to memory corruption or RCE.
- https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv
- https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/
- https://security.netapp.com/advisory/ntap-20230825-0001/
Closed bugs
path/parameter is not translated in the script management dialog
The "Show files" button does not work
The "File copy mechanism configuration" policy is not changed
The list of interface languages looks the same in every variant