ALT-BU-2024-13281-1
Branch p10_e2k update bulletin.
Closed vulnerabilities
BDU:2024-04683
Уязвимость компонента userinfo URI менеджера загрузок GNU Wget, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации
Modified: 2024-11-21
CVE-2024-38428
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
- https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace
- https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html
- https://security.netapp.com/advisory/ntap-20241115-0005/
- https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html
- https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace
Closed bugs
Поломался wget
wget выдаёт "Неверный системный вызов" на aarch64
Closed vulnerabilities
BDU:2024-05964
Уязвимость DNS-сервера BIND, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-06134
Уязвимость DNS-сервера BIND, связанная с использованием функции assert() или похожего оператора, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-06188
Уязвимость DNS-сервера BIND, связанная с распределением ресурсов без ограничений и регулирования, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2024-1737
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
Modified: 2024-11-21
CVE-2024-1975
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
Modified: 2024-11-21
CVE-2024-4076
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.