Branch sisyphus update bulletin.

Package python3-module-aiohttp updated to version 3.9.5-alt1 for branch sisyphus in task 347306.

Published: 2024-04-18
Modified: 2024-11-21

CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade.

References:

Package installer updated to version 1.15.5-alt1 for branch sisyphus in task 344505.

Добавить пользовательские initinstall.d скрипты

Package megapixels updated to version 2.0.0-alt1.git98108a7 for branch sisyphus in task 345948.

Актуализировать домашнюю страницу

Package chromium updated to version 124.0.6367.118-alt1 for branch sisyphus in task 347227.

Published: 2024-05-01
Modified: 2024-12-20

CVE-2024-4331

Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2024-05-01
Modified: 2025-03-13

CVE-2024-4368

Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Package freetds updated to version 1.4.10-alt2 for branch sisyphus in task 347260.

Прошу собрать с поддержкой krb5

Package nasm updated to version 2.16.03-alt1 for branch sisyphus in task 347261.

Published: 2023-01-04
Modified: 2025-04-10

CVE-2022-46456

NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

References:

Package docs-alt-server-v updated to version 10.2-alt2 for branch sisyphus in task 347281.

Название пакета smartmontools не выделено курсивом в документации для Alt Server V.

Названия пакетов libvirt-kvm, libvirt-lxc, openisci не выделены курсивом в документации для Alt Server V.

Лишнее тире в главе о virt-install в документации для Alt Server V.

Ошибка в тексте команды в главе о снимках ВМ в документации для Alt Server V.

Несоответствие в тексте и изображении в главе о настройке сетевых мостов в документации для Alt Server V.

Пропущен пробел в описании команды в документации для Alt Server V.

Опечатка в главе 32.2.2. Скачивание шаблона контейнера из магазина DockerHub

Глава 31.3.4.2.1 Опечатка в названии пакета sysfsutils

В главе 31.3.4.5 присутствует несуществующий бинарник

Package ImageMagick updated to version 7.1.1.31-alt1 for branch sisyphus in task 347305.

Добавить компонент 'pango'

Version: 2.1.1

Branch sisyphus update on 2024-05-03

ALT-BU-2024-7410-2

ALT-PU-2024-17385-1

Closed vulnerabilities

CVE-2024-27306

ALT-PU-2024-6029-4

Closed bugs

Bug #49907

ALT-PU-2024-7295-3

Closed bugs

Bug #47145

ALT-PU-2024-7311-2

Closed vulnerabilities

CVE-2024-4331

CVE-2024-4368

ALT-PU-2024-7378-2

Closed bugs

Bug #50204

ALT-PU-2024-7382-1

Closed vulnerabilities

CVE-2022-46456

ALT-PU-2024-7386-2

Closed bugs

Bug #50152

Bug #50153

Bug #50154

Bug #50155

Bug #50156

Bug #50157

Bug #50199

Bug #50208

Bug #50215

ALT-PU-2024-7398-1

Closed bugs

Bug #50167