ALT-BU-2024-6729-1
Branch c10f2 update bulletin.
Closed bugs
Build of the current version (+rh errata)
Closed bugs
Installs extra packages on behalf of the user and without consent
Telegram: two shortcuts in the menu
epm play flyview-client: find-requires: ERROR: /usr/lib/rpm/lib.req failed
When installing the package, create an empty /etc/hasplm/nethasp.ini if the system does not yet have such a file.
eepm play vkteams: Failed to find Requires
eepm play vk - unable to install the messenger
epm play rustdesk: Failed to find Requires
eagle does not start after installation
epm play icq: Failed to find Requires
Does not build zoom
Skype autostart stopped working
epm play flyview-server: the ipera-mediaserver service does not start
epm play liteide: cannot find go in PATH
epm full-upgrade: error updating snap packages when snapd has not been used before
epm play wpsoffice: segmentation fault when launching the application
Unable to install far2l-portable via appinstall on Alt Workstation 10.1
epm play jetbrain-toolbox: the program does not work
epm play vinteo.desktop: the program does not install
epm play netbeans: the program does not install
Problems installing the hplip-plugin package via appinstall
epm play lycheeslicer: the program does not install
epm play synology-drive: problems installing the program
Yandex Browser does not install
epm downgrade works incorrectly
epm play wing
Incorrect package installation after repacking with eepm
Package pam_pkcs11 updated to version 0.6.12.1-alt1 for branch c10f2 in task 344785.
Closed bugs
The pkcs11_make_hash_link utility is missing from package version 0.6.12-alt1
Closed bugs
Missing dependency on zabbix-phpfrontend-engine
Closed vulnerabilities
Modified: 2025-02-13
CVE-2024-1874
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
- http://www.openwall.com/lists/oss-security/2024/04/12/11
- http://www.openwall.com/lists/oss-security/2024/06/07/1
- https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
- https://security.netapp.com/advisory/ntap-20240510-0009/
- https://www.vicarius.io/vsociety/posts/command-injection-vulnerability-in-php-on-windows-systems-cve-2024-1874-and-cve-2024-5585
Modified: 2025-02-13
CVE-2024-2756
Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
- http://www.openwall.com/lists/oss-security/2024/04/12/11
- https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4
- https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html
- https://security.netapp.com/advisory/ntap-20240510-0008/
Modified: 2025-02-13
CVE-2024-2757
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.
- http://www.openwall.com/lists/oss-security/2024/04/12/11
- https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq
- https://security.netapp.com/advisory/ntap-20240510-0011/
Modified: 2025-02-13
CVE-2024-3096
In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.
- http://www.openwall.com/lists/oss-security/2024/04/12/11
- https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr
- https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html
- https://security.netapp.com/advisory/ntap-20240510-0010/