ALT Linux Team

Branch sisyphus_e2k update on 2023-10-30

2023-10-30

ALT-BU-2023-6748-1

Branch sisyphus_e2k update bulletin.

ALT-PU-2023-6746-1

Package vim updated to version 9.0.2009-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2023-10-02

BDU:2023-06596

Уязвимость функции trunc_string() текстового редактора Vim, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-10-02
Modified: 2024-11-21

CVE-2023-5344

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-10-06
Modified: 2024-11-21

CVE-2023-5441

NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:

ALT-PU-2023-6747-1

Package qbittorrent updated to version 4.6.0-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2023-10-10
Modified: 2025-02-13

CVE-2023-30801

All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the "external program" feature in the web user interface. This was reportedly exploited in the wild in March 2023.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top