ALT-BU-2023-6740-1
Branch sisyphus_mipsel update bulletin.
Package qbittorrent updated to version 4.6.0-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
Modified: 2025-02-13
CVE-2023-30801
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the "external program" feature in the web user interface. This was reportedly exploited in the wild in March 2023.
- https://github.com/qbittorrent/qBittorrent/issues/18731
- https://github.com/qbittorrent/qBittorrent/issues/18731
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5WXBKELVZFZNIDONIJESOCSRPIQNCGI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5WXBKELVZFZNIDONIJESOCSRPIQNCGI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4BNFJR3ZWVLE2YSYIQYBWVDQBBZOLEL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4BNFJR3ZWVLE2YSYIQYBWVDQBBZOLEL/
- https://vulncheck.com/advisories/qbittorrent-default-creds
- https://vulncheck.com/advisories/qbittorrent-default-creds
Package altlinux-mime-defaults updated to version 0.439-alt1 for branch sisyphus_mipsel.
Closed bugs
Упаковать пустой /etc/xdg/mimeapps.list
Package cups updated to version 2.4.7-alt2 for branch sisyphus_mipsel.
Closed bugs
dpkg-architecture: command not found
[PATCH] поддержка бездрайверного режима печати на Pantum BM5100ADW