ALT-BU-2024-2388-1
Branch p10_e2k update bulletin.
Closed bugs
apt_rpm does not update packages
Package ghostscript updated to version 10.01.1-alt2 for branch p10_e2k.
Closed bugs
PostScript generation artifacts, missing text on the CUPS test page
Package apache2-mod_wsgi updated to version 4.9.4-alt0.p10.1 for branch p10_e2k.
Closed vulnerabilities
BDU:2022-05209
Vulnerability in the mod_wsgi module of the Apache web server, caused by errors in handling the X-Client-IP header, that allows an attacker to gain unauthorized access to network services
Modified: 2024-11-21
CVE-2022-2255
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
- https://github.com/GrahamDumpleton/mod_wsgi/blob/4.9.2/src/server/mod_wsgi.c#L13940-L13941
- https://github.com/GrahamDumpleton/mod_wsgi/blob/4.9.2/src/server/mod_wsgi.c#L14046-L14082
- [debian-lts-announce] 20220915 [SECURITY] [DLA 3111-1] mod-wsgi security update
- https://modwsgi.readthedocs.io/en/latest/release-notes/version-4.9.3.html
Package ansible-core updated to version 2.15.9-alt0.p10.1 for branch p10_e2k.
Closed vulnerabilities
BDU:2023-07854
Vulnerability in the Ansible configuration management system, caused by improper control of code generation, that allows an attacker to execute arbitrary code
Modified: 2024-11-21
CVE-2023-5764
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
- RHSA-2023:7773
- https://access.redhat.com/security/cve/CVE-2023-5764
- RHBZ#2247629
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/
- https://security.netapp.com/advisory/ntap-20241025-0001/
Modified: 2025-01-17
CVE-2024-0690
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
- RHSA-2024:0733
- RHSA-2024:2246
- RHSA-2024:3043
- https://access.redhat.com/security/cve/CVE-2024-0690
- RHBZ#2259013
- https://github.com/ansible/ansible/pull/82565
- https://security.netapp.com/advisory/ntap-20250117-0001/
Closed bugs
apt_rpm does not update packages