ALT Linux Team

Branch p10 update on 2024-11-06

2024-11-06

ALT-BU-2024-15166-2

Branch p10 update bulletin.

ALT-PU-2024-14209-2

Package steam updated to version 1.0.0.82-alt0.p10.1 for branch p10 in task 359972.

Closed bugs

Bug #50316

Steam зависит от xorg-dri-vmwgfx

Bug #51618

Steam зависит от xorg-dri-vmwgfx

ALT-PU-2024-14312-2

Package libnss-role updated to version 0.5.6-alt4 for branch p10 in task 358067.

Closed bugs

Bug #50704

Накрывается медным тазом при обновлении p10 --> p11

ALT-PU-2024-14454-2

Package rsyslog updated to version 8.2408.0-alt2 for branch p10 in task 360336.

Closed bugs

Bug #44911

Не стартует автоматически с systemd

ALT-PU-2024-18044-1

Package iperf3 updated to version 3.17.1-alt1 for branch p10 in task 358395.

Closed vulnerabilities

Published: 2024-06-13
Modified: 2025-03-19

BDU:2024-04484

Уязвимость компонента OpenSSL Handler инструмента измерения пропускной способности сети Iperf3, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: MEDIUM (5.9)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM (5.4)Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N
References:
Published: 2024-05-14
Modified: 2025-11-03

CVE-2024-26306

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

Severity: MEDIUM (5.9)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2024-18070-1

Package freerdp3 updated to version 3.8.0-alt2 for branch p10 in task 359516.

Closed vulnerabilities

Published: 2024-05-02
Modified: 2026-01-20

BDU:2024-03394

Уязвимость RDP-клиента FreeRDP, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
Published: 2024-05-02
Modified: 2025-11-19

BDU:2024-03395

Уязвимость RDP-клиента FreeRDP, связанная с чтением за границами памяти, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
References:
Published: 2024-05-02
Modified: 2025-11-19

BDU:2024-03401

Уязвимость RDP-клиента FreeRDP, связанная с чтением за границами памяти, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2024-05-02
Modified: 2025-11-19

BDU:2024-03402

Уязвимость функции freerdp_image_copy RDP-клиента FreeRDP, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2024-05-02
Modified: 2025-11-19

BDU:2024-03403

Уязвимость RDP-клиента FreeRDP, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
Published: 2024-04-23
Modified: 2025-11-03

CVE-2024-32658

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2024-04-23
Modified: 2025-11-03

CVE-2024-32659

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2024-04-23
Modified: 2025-11-03

CVE-2024-32660

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2024-04-23
Modified: 2025-11-03

CVE-2024-32661

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2024-04-23
Modified: 2025-02-04

CVE-2024-32662

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top