ALT Linux Team

Branch c10f2 update on 2024-02-14

2024-02-14

ALT-BU-2024-2290-1

Branch c10f2 update bulletin.

ALT-PU-2024-1712-4

Package poppler-current updated to version 23.08.0-alt1 for branch c10f2 in task 339564.

Closed vulnerabilities

Published: 2023-07-31
Modified: 2025-11-04

CVE-2023-34872

A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:

ALT-PU-2024-2026-2

Package apache2-mod_wsgi updated to version 4.9.4-alt0.c10f2.1 for branch c10f2 in task 340167.

Closed vulnerabilities

Published: 2022-08-22
Modified: 2024-09-13

BDU:2022-05209

Уязвимость модуля mod_wsgi веб-сервера Apache, связанная с ошибками при обработке заголовока X-Client-IP, позволяющая нарушителю получить несанкционированный доступ к сетевым службам

Severity: MEDIUM (5.6) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM (5.1) Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
References:
Published: 2022-08-25
Modified: 2024-11-21

CVE-2022-2255

A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top