ALT-BU-2023-7614-1
Branch sisyphus_e2k update bulletin.
Package tang updated to version 14-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-1672
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
- https://access.redhat.com/security/cve/CVE-2023-1672
- https://access.redhat.com/security/cve/CVE-2023-1672
- RHBZ#2180999
- RHBZ#2180999
- https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096
- https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096
- https://lists.debian.org/debian-lts-announce/2023/11/msg00004.html
- https://lists.debian.org/debian-lts-announce/2023/11/msg00004.html
- https://www.openwall.com/lists/oss-security/2023/06/15/1
- https://www.openwall.com/lists/oss-security/2023/06/15/1
Package uwsgi updated to version 2.0.23-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2023-02021
Уязвимость компонента mod_proxy_uwsgi веб-сервера Apache HTTP Server связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю выполнять атаку "контрабанда HTTP-запросов"
Modified: 2025-02-13
CVE-2023-27522
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html
- https://security.gentoo.org/glsa/202309-01
- https://security.gentoo.org/glsa/202309-01
Package rabbitmq-c updated to version 0.13.0-alt2 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2025-03-30
CVE-2023-35789
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.
Package gnutls30 updated to version 3.8.2-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-5981
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
- http://www.openwall.com/lists/oss-security/2024/01/19/3
- RHSA-2024:0155
- RHSA-2024:0155
- RHSA-2024:0319
- RHSA-2024:0319
- RHSA-2024:0399
- RHSA-2024:0399
- RHSA-2024:0451
- RHSA-2024:0451
- RHSA-2024:0533
- RHSA-2024:0533
- RHSA-2024:1383
- RHSA-2024:1383
- RHSA-2024:2094
- RHSA-2024:2094
- https://access.redhat.com/security/cve/CVE-2023-5981
- https://access.redhat.com/security/cve/CVE-2023-5981
- RHBZ#2248445
- RHBZ#2248445
- https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
- https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
Closed bugs
CVE-2023-5981 для закрытия необходимо обновление до версии 3.8.2
Package qbittorrent updated to version 4.6.1-alt1 for branch sisyphus_e2k.
Closed bugs
Пропал значок в трее
Пропал значок в трее
Package papirus-icon-theme updated to version 20231101-alt2 for branch sisyphus_e2k.
Closed bugs
papirus-remix-icon-theme со всеми цветовыми темами