Branch p10 update bulletin.

Package glibc updated to version 2.32-alt5.p10.2 for branch p10 in task 330909.

Published: 2023-10-03

BDU:2023-06269

Уязвимость динамического загрузчика ld.so библиотеки glibc, позволяющая нарушителю выполнить произвольный код c повышенными привилегиями

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2023-4911

Published: 2023-10-03
Modified: 2025-01-28

CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Package htop updated to version 3.2.2-alt2.1 for branch p10 in task 330930.

Published: 2008-11-14
Modified: 2024-11-21

CVE-2008-5076

htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."

Severity: MEDIUM (4.6)

References:

Вынести desktop файл и сопутствующие файлы терминального приложения htop в отдельный пакет

Version: 2.1.0

Branch p10 update on 2023-10-07

ALT-BU-2023-6189-2

ALT-PU-2023-6088-2

Closed vulnerabilities

BDU:2023-06269

CVE-2023-4911

ALT-PU-2023-6111-3

Closed vulnerabilities

CVE-2008-5076

Closed bugs

Bug #47509