Branch sisyphus_e2k update bulletin.

Package roundcube updated to version 1.6.4-alt1 for branch sisyphus_e2k.

Published: 2023-09-22

BDU:2023-06297

Уязвимость компонента program/lib/Roundcube/rcube_string_replacer.php почтового клиента RoundCube Webmail, позволяющая нарушителю провести атаку межсайтового скриптинга

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

CVE-2023-43770

Published: 2023-10-16

BDU:2023-07143

Уязвимость библиотеки program/lib/Roundcube/rcube_washtml.php почтового клиента RoundCube Webmail, позволяющая нарушителю выполнить произвольный JavaScript-код

Severity: MEDIUM (5.4) Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References:

CVE-2023-5631

Published: 2023-09-22
Modified: 2024-12-20

CVE-2023-43770

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2023-10-18
Modified: 2025-03-19

CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References:

Package kf5-breeze-icons updated to version 5.111.0-alt2 for branch sisyphus_e2k.

У Yandex Browser красно-белая иконка в icon-theme-breeze

Package python3-module-GitPython updated to version 3.1.40-alt1 for branch sisyphus_e2k.

[CVE] Прошу собрать версию 3.1.37

Package netdata updated to version 1.43.0-alt2 for branch sisyphus_e2k.

Собрать netdata без distutils

Package python3-module-passlib updated to version 1.7.4-alt2 for branch sisyphus_e2k.

Собрать python3-module-passlib без distutils

Package vim updated to version 9.0.2081-alt1 for branch sisyphus_e2k.

Published: 2023-10-11
Modified: 2024-11-21

CVE-2023-5535

Use After Free in GitHub repository vim/vim prior to v9.0.2010.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Package appstream-data updated to version 20231031-alt1 for branch sisyphus_e2k.

VLC устанавливает из Центра приложений Gnome vlc-mini а не vlc

Package python3-module-buildozer updated to version 1.5.0-alt2 for branch sisyphus_e2k.

Собрать python3-module-buildozer без distutils

Package apache2-mod_perl updated to version 2.0.13-alt1 for branch sisyphus_e2k.

Published: 2007-03-30

BDU:2022-02598

Уязвимость компонентов PerlRun.pm и RegistryCooker.pm модуль для веб-сервера Apache mod_perl, позволяющие нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

CVE-2007-1349

Published: 2007-03-30
Modified: 2024-11-21

CVE-2007-1349

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Severity: MEDIUM (5.0)

References:

apache2-mod_perl: update to 2.0.13 to support perl 5.38

Package alterator-ports-access updated to version 0.5.5-alt1 for branch sisyphus_e2k.

Сломан редактор правил USB

Package tcpreplay updated to version 4.4.4-alt1 for branch sisyphus_e2k.

Published: 2023-03-16

BDU:2023-02104

Уязвимость функции rmacinstring утилиты редактирования и воспроизведения PCAP-файлов Tcpreplay, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2023-27786

Published: 2023-03-16
Modified: 2025-02-27

CVE-2023-27783

An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.