ALT Linux Team

Branch sisyphus_e2k update on 2024-05-08

2024-05-08

ALT-BU-2024-7616-1

Branch sisyphus_e2k update bulletin.

ALT-PU-2024-7612-1

Package tinyproxy updated to version 1.11.1-alt2 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2024-05-01

BDU:2024-03549

Уязвимость комопнента обработки заголовков HTTP-запросов демона прокси-сервера, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2024-05-01
Modified: 2024-11-21

CVE-2023-49606

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability.

References:

ALT-PU-2024-7614-1

Package kde5-kalgebra updated to version 23.08.5-alt2 for branch sisyphus_e2k.

Closed bugs

Bug #49909

Не импортируется содержимое сценария в kAlgebra

ALT-PU-2024-7615-1

Package graphviz updated to version 11.0.0-alt2 for branch sisyphus_e2k.

Closed bugs

Bug #50278

graphviz: redundant redeclaration of 'aghtmlstr'

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top