ALT-BU-2025-11512-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2025-06-25
CVE-2024-3566
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
- https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/
- https://kb.cert.org/vuls/id/123335
- https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way
- https://www.cve.org/CVERecord?id=CVE-2024-1874
- https://www.cve.org/CVERecord?id=CVE-2024-22423
- https://www.cve.org/CVERecord?id=CVE-2024-24576
- https://www.kb.cert.org/vuls/id/123335
- https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/
- https://kb.cert.org/vuls/id/123335
- https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way
- https://www.cve.org/CVERecord?id=CVE-2024-1874
- https://www.cve.org/CVERecord?id=CVE-2024-22423
- https://www.cve.org/CVERecord?id=CVE-2024-24576
- https://www.kb.cert.org/vuls/id/123335
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-41043
Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.
Package x2goclient updated to version 4.1.2.3-alt2 for branch sisyphus in task 394444.
Closed bugs
"Невозможно выполнить: startkde5" при попытке подключения с XFCE к KDE
Package qt6-webengine updated to version 6.9.2-alt3 for branch sisyphus in task 394445.
Closed bugs
KMail не отображает письмо
Package docs-alt-server updated to version 11.1-alt2 for branch sisyphus in task 394463.
Closed bugs
Опечатка в названии модуля manager в Главе 33.1
Неправильная команда для запуска приложения Альт Пакеты в Главе 36.1
Глава 58.7.2 Задания синхронизации: пропущена буква в слове "когда"
Глава 90.3 Команда auditctl: пропущена буква в слове "будут"
Глава 90.7.1 Установка правил с помощью auditclt: лишняя буква в слове "записывать"
Closed bugs
Неисправимая ошибка: Failed to obtain authentication.