ALT-BU-2024-17547-2
Branch p10 update bulletin.
Package plasma5-sdk updated to version 5.27.11-alt3 for branch p10 in task 364395.
Closed bugs
Пустой выпадающий список в plasmathemeexplorer
Обрезается содержимое окна для создания темы в plasmathemeexplorer
Не работает кнопка "Открыть во внешней программе" в cuttlefish
Двойное оповещение при создании нового оформления в lookandfeelexplorer
Package kde5-kontact updated to version 23.08.5-alt2 for branch p10 in task 364735.
Closed bugs
Программа вылетает после нажатия на "Настроить учетные записи"
Closed vulnerabilities
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
Closed vulnerabilities
BDU:2024-06667
Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, связанная с неправильной проверкой или обработкой исключительных условий, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-15
BDU:2024-09085
Уязвимость алгоритма распределения данных Raft Consensus Algorithm хранилища Integrated storage (Raft) платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-09147
Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, связанная с неправильным назначением привилегий, позволяющая нарушителю повысить свои привилегии
Modified: 2025-08-13
CVE-2024-6468
Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service. While this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur. Fixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12.
Modified: 2025-11-13
CVE-2024-8185
Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself. This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.
Modified: 2025-12-31
CVE-2024-9180
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.
Modified: 2024-09-07
GHSA-2qmw-pvf7-4mw6
Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions
Modified: 2025-08-04
GHSA-g233-2p4r-3q7v
Hashicorp Vault vulnerable to denial of service through memory exhaustion
- https://nvd.nist.gov/vuln/detail/CVE-2024-8185
- https://github.com/hashicorp/vault/commit/195dfca433028887973f5bd82d173d91fe9dab4a
- https://discuss.hashicorp.com/t/hcsec-2024-26-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-processing-raft-cluster-join-requests/71047
- https://github.com/hashicorp/vault
- https://openbao.org/docs/release-notes/2-0-0/#203
Modified: 2025-08-04
GHSA-rr8j-7w34-xp5j
Vault Community Edition privilege escalation vulnerability
Closed bugs
Необходимо закрыть CVE-2024-8185, CVE-2024-9180, CVE-2024-6468