ALT Linux Team

Branch c10f2 update on 2024-09-20

2024-09-20

ALT-BU-2024-12999-1

Branch c10f2 update bulletin.

ALT-PU-2024-12871-2

Package trivy updated to version 0.55.0-alt1 for branch c10f2 in task 357691.

Closed bugs

Bug #47604

Не определяет версию trivy --version

ALT-PU-2024-12873-2

Package k8s-trivy-node-collector updated to version 0.3.1-alt1 for branch c10f2 in task 357691.

Closed vulnerabilities

Published: 2024-06-05

BDU:2024-04486

Уязвимость компонента net-netip языка программирования Golang, связанная с неправильным контролем доступа, позволяющая нарушителю обойти существующую политику ограничения доступа

Severity: MEDIUM (6.2) Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
References:
Published: 2024-06-05
Modified: 2024-11-21

CVE-2024-24790

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2024-12881-3

Package SDL2_ttf updated to version 2.22.0-alt1 for branch c10f2 in task 357710.

Closed vulnerabilities

Published: 2022-05-04
Modified: 2024-11-21

CVE-2022-27470

SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top