ALT Linux Team

Branch c10f1 update on 2024-02-03

2024-02-03

ALT-BU-2024-1748-2

Branch c10f1 update bulletin.

ALT-PU-2024-1576-2

Package php8.2-swoole updated to version 5.1.1-alt2.15 for branch c10f1 in task 339375.

Closed bugs

Bug #49116

Ошибка сегментирования в php8.3, при наличии php8.3-swoole и php8.3-mysqlnd

ALT-PU-2024-1610-2

Package libdnf updated to version 0.65.0-alt1 for branch c10f1 in task 339362.

Closed vulnerabilities

Published: 2021-10-05

BDU:2021-04884

Уязвимость библиотеки менеджера пакета libdnf, связанная с некорректным подтверждением криптографической подписи данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: MEDIUM (5.1)Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
References:
Published: 2021-05-19
Modified: 2024-11-21

CVE-2021-3445

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

Severity: MEDIUM (5.1)Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
References:

ALT-PU-2024-1683-3

Package wireshark updated to version 4.0.11-alt1 for branch c10f1 in task 339327.

Closed vulnerabilities

Published: 2023-10-17
Modified: 2024-04-17

BDU:2023-06834

Уязвимость диссектора RTPS анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (9.0)Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
References:
Published: 2023-11-29
Modified: 2024-04-03

BDU:2023-08203

Уязвимость парсера файлов NetScreen анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.8)Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2023-12-04
Modified: 2026-04-09

BDU:2023-08355

Уязвимость SSH-диссектора анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
Published: 2023-10-04
Modified: 2024-11-21

CVE-2023-5371

RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2023-11-16
Modified: 2024-11-21

CVE-2023-6174

SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2024-03-26
Modified: 2025-11-04

CVE-2023-6175

NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file

Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top