2024-02-21
ALT-BU-2024-2793-1
Branch sisyphus_loongarch64 update bulletin.
Package salt updated to version 3006.6-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Published: 2024-06-27
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2024-22231
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.
Severity: MEDIUM (5.0)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
References:
Published: 2024-06-27
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2024-22232
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem.
Severity: HIGH (7.7)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Package php8.3-swoole updated to version 5.1.2-alt1.3 for branch sisyphus_loongarch64.
Closed bugs
/usr/lib64/php/8.3.1/extensions/swoole.so.so: cannot open shared object file: No such file or directory