Branch c10f2 update bulletin.

Package trivy updated to version 0.55.0-alt1 for branch c10f2 in task 357691.

Не определяет версию trivy --version

Package k8s-trivy-node-collector updated to version 0.3.1-alt1 for branch c10f2 in task 357691.

Published: 2024-06-13
Modified: 2024-12-05

BDU:2024-04486

Уязвимость компонента net-netip языка программирования Golang, связанная с неправильным контролем доступа, позволяющая нарушителю обойти существующую политику ограничения доступа

Severity: MEDIUM (6.2) Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

Severity: MEDIUM (5.2) Vector: AV:L/AC:H/Au:N/C:P/I:C/A:P

References:

CVE-2024-24790

Published: 2024-06-05
Modified: 2024-11-21

CVE-2024-24790

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package SDL2_ttf updated to version 2.22.0-alt1 for branch c10f2 in task 357710.

Published: 2022-05-04
Modified: 2024-11-21

CVE-2022-27470

SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Branch c10f2 update on 2024-09-20

ALT-BU-2024-12999-1

ALT-PU-2024-12871-2

Closed bugs

Bug #47604

ALT-PU-2024-12873-2

Closed vulnerabilities

BDU:2024-04486

CVE-2024-24790

ALT-PU-2024-12881-3

Closed vulnerabilities

CVE-2022-27470