Branch sisyphus update bulletin.

Package node updated to version 20.12.2-alt1 for branch sisyphus in task 345946.

Published: 2025-01-09
Modified: 2025-01-10

CVE-2024-27980

Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.

References:

http://www.openwall.com/lists/oss-security/2024/04/10/15
http://www.openwall.com/lists/oss-security/2024/07/11/6
http://www.openwall.com/lists/oss-security/2024/07/19/3
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MZN6PFXHTCCUENAKZXTGWPKUAHI6E2W/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUWBYDVCUSCX7YWTBX75LADMCVYFBGKU/

Package plasma5-nm updated to version 5.27.11-alt2 for branch sisyphus in task 345981.

При создании bond невозможно установить режим balance-xor

Version: 2.1.0

Branch sisyphus update on 2024-04-28

ALT-BU-2024-7227-1

ALT-PU-2024-7199-2

Closed vulnerabilities

CVE-2024-27980

ALT-PU-2024-7215-1

Closed bugs

Bug #48393