BDU:2024-04914

Уязвимость сервера средства криптографической защиты OpenSSH, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.0) Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

References:

CVE-2024-6387

Published: 2024-07-01
Modified: 2024-11-21

CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package cri-o1.28 updated to version 1.28.8-alt1 for branch sisyphus_riscv64.

Published: 2024-06-12

BDU:2024-04923

Уязвимость прикладного программного интерфейса CRI-O Container Engine программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю читать и записывать произвольные файлы в хост-системе

Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

References:

CVE-2024-5154

Published: 2024-06-12
Modified: 2024-12-11

CVE-2024-5154

A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.

References:

Package cri-o1.29 updated to version 1.29.6-alt1 for branch sisyphus_riscv64.

Published: 2024-06-12

BDU:2024-04923

Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

References:

CVE-2024-5154

Published: 2024-06-12
Modified: 2024-12-11

CVE-2024-5154

References:

Version: 2.1.0

Branch sisyphus_riscv64 update on 2024-07-11

ALT-BU-2024-9877-1

ALT-PU-2024-9872-1

Closed bugs

Bug #42138

ALT-PU-2024-9874-1

Closed vulnerabilities

BDU:2024-04914

CVE-2024-6387

ALT-PU-2024-9875-1

Closed vulnerabilities

BDU:2024-04923

CVE-2024-5154

ALT-PU-2024-9876-1

Closed vulnerabilities

BDU:2024-04923

CVE-2024-5154