ALT-BU-2024-9890-1
Branch sisyphus_loongarch64 update bulletin.
Package cri-o1.28 updated to version 1.28.8-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2024-04923
Уязвимость прикладного программного интерфейса CRI-O Container Engine программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю читать и записывать произвольные файлы в хост-системе
Modified: 2024-12-11
CVE-2024-5154
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.
- RHSA-2024:10818
- RHSA-2024:3676
- RHSA-2024:3676
- RHSA-2024:3700
- RHSA-2024:3700
- RHSA-2024:4008
- RHSA-2024:4008
- RHSA-2024:4486
- RHSA-2024:4486
- https://access.redhat.com/security/cve/CVE-2024-5154
- https://access.redhat.com/security/cve/CVE-2024-5154
- RHBZ#2280190
- RHBZ#2280190
- https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8
- https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8
Package cri-o1.29 updated to version 1.29.6-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2024-04923
Уязвимость прикладного программного интерфейса CRI-O Container Engine программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю читать и записывать произвольные файлы в хост-системе
Modified: 2024-12-11
CVE-2024-5154
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.
- RHSA-2024:10818
- RHSA-2024:3676
- RHSA-2024:3676
- RHSA-2024:3700
- RHSA-2024:3700
- RHSA-2024:4008
- RHSA-2024:4008
- RHSA-2024:4486
- RHSA-2024:4486
- https://access.redhat.com/security/cve/CVE-2024-5154
- https://access.redhat.com/security/cve/CVE-2024-5154
- RHBZ#2280190
- RHBZ#2280190
- https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8
- https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8
Package gpsbabel updated to version 1.9.0-alt1 for branch sisyphus_loongarch64.
Closed bugs
Не работает просмотр в Google Maps
Package snapd-glib-2 updated to version 1.65-alt1.1 for branch sisyphus_loongarch64.
Closed bugs
Потерян заголовок Snapd/Notice
Package libgtk+3 updated to version 3.24.43-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-03-14
CVE-2024-6655
A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.
- http://www.openwall.com/lists/oss-security/2024/09/09/1
- RHSA-2024:6963
- RHSA-2024:9184
- https://access.redhat.com/security/cve/CVE-2024-6655
- https://access.redhat.com/security/cve/CVE-2024-6655
- RHBZ#2297098
- RHBZ#2297098
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b6176d42836d23c36a6ac410e807ec0a7a7#diff-content-e3fbe6480add9420b69f82374fb26ccac2c015a0
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b6176d42836d23c36a6ac410e807ec0a7a7#diff-content-e3fbe6480add9420b69f82374fb26ccac2c015a0
- https://www.openwall.com/lists/oss-security/2024/09/09/1
Package yuki-iptv updated to version 0.0.12-alt1 for branch sisyphus_loongarch64.
Closed bugs
Не работает yuki-iptv