ALT-BU-2024-1209-1
Branch sisyphus_e2k update bulletin.
Package gpupdate updated to version 0.9.13.5-alt1 for branch sisyphus_e2k.
Closed bugs
Power management policy group: the Block checkbox does not work (machine policies)
Power management policy group: lines are duplicated in the configuration (user policies)
Package admx-basealt updated to version 0.1.13.5-alt1 for branch sisyphus_e2k.
Closed bugs
Adjust the options in the policy Reverse DNS lookup for OpenLDAP requests
(FR) Fix the anglicism in PackageKit permissions: экшена → действия
Typo in the description of the policy "Configuring the file copy mechanism"
Stylistically incorrect description of a list item (Only root can run -> Only root) for the policy Permissions for /usr/sbin/pppd
Fix the policy description: /usr/bin/postqueue -> /usr/sbin/postqueue
Typo and grammatically inconsistent sentence in the policy description
Package freeswitch updated to version 1.10.11-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-51443
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as `TLS_NULL_WITH_NULL_NULL`) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. The solution implemented is to drop all packets from addresses that have not been validated by an ICE check.
- http://packetstormsecurity.com/files/176393/FreeSWITCH-Denial-Of-Service.html
- https://github.com/signalwire/freeswitch/commit/86cbda90b84ba186e508fbc7bfae469270a97d11
- https://github.com/signalwire/freeswitch/security/advisories/GHSA-39gv-hq72-j6m6
Package admc updated to version 0.15.2-alt1 for branch sisyphus_e2k.
Closed bugs
On the first launch of admc, the message appears: The theme specified in the settings was not found