ALT Linux Team

Branch p10_e2k update on 2024-01-27

2024-01-27

ALT-BU-2024-1498-1

Branch p10_e2k update bulletin.

ALT-PU-2024-1495-1

Package krb5 updated to version 1.19.4-alt3 for branch p10_e2k.

Closed vulnerabilities

Published: 2022-11-08

BDU:2022-06787

Уязвимость реализации протокола Kerberos операционных систем Windows, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.2) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-11-10
Modified: 2025-01-03

CVE-2022-37967

Windows Kerberos Elevation of Privilege Vulnerability

References:

ALT-PU-2024-1496-1

Package faad updated to version 2.11.1-alt1 for branch p10_e2k.

Closed vulnerabilities

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-38857

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-38858

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:

ALT-PU-2024-1497-1

Package zabbix updated to version 6.0.25-alt0.p10.3 for branch p10_e2k.

Closed vulnerabilities

Published: 2023-12-18

BDU:2024-00033

Уязвимость функции icmpping универсальной системы мониторинга Zabbix, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.2) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2023-12-18

BDU:2024-00645

Уязвимость компонента DNS Response Handler агента универсальной системы мониторинга Zabbix, позволяющая нарушителю вызвать переполнение буфера

Severity: HIGH (8.1) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2023-12-18
Modified: 2024-11-21

CVE-2023-32726

The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2023-12-18
Modified: 2024-11-21

CVE-2023-32727

An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.

Severity: HIGH (7.2) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2023-12-18
Modified: 2024-11-21

CVE-2023-32728

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

Closed bugs

Bug #49152

Несколько неприятных CVE в Zabbix 6.0.22: CVE-2023-32728, CVE-2023-32727, CVE-2023-32726

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top