ALT-BU-2024-11592-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-12-06
CVE-2024-28103
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
- https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523
- https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523
- https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
- https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
- https://security.netapp.com/advisory/ntap-20241206-0002/
Closed bugs
Не хватает зависимостей
Package LibreOffice-still updated to version 24.2.5.2-alt1 for branch sisyphus in task 355817.
Closed vulnerabilities
BDU:2024-04136
Уязвимость пакета офисных программ LibreOffice, связанная с возможностью внедрения кода или данных, позволяющая нарушителю выполнить произвольный код
BDU:2024-04913
Уязвимость компонента LibreOfficeKit пакета офисных программ LibreOffice, позволяющая уязвимости может позволить нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2024-3044
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
- https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html
- https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/
- https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044
- https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044
Modified: 2024-11-21
CVE-2024-5261
Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents. LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on webservers. In affected versions of LibreOffice, when used in LibreOfficeKit mode only, then curl's TLS certification verification was disabled (CURLOPT_SSL_VERIFYPEER of false) In the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true. This issue affects LibreOffice before version 24.2.4.
Modified: 2024-08-06
CVE-2024-6472
Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway. This issue affects LibreOffice: from 24.2 before 24.2.5.
Package rpi4-boot-switch updated to version 0.15-alt1 for branch sisyphus in task 352167.
Closed bugs
Файл bcm2712d0-rpi-5-b.dtb не копируется на FAT раздел