ALT Linux Team

Branch sisyphus_e2k update on 2025-03-12

2025-03-12

ALT-BU-2025-4197-1

Branch sisyphus_e2k update bulletin.

ALT-PU-2025-4189-1

Package xzoom updated to version 20200501-alt1 for branch sisyphus_e2k.

Closed bugs

Bug #52614

Добавить пакет xzoom mejorado (форк xzoom от Карлоса Пантелидеса)

ALT-PU-2025-4191-1

Package cacti updated to version 1.2.29-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2025-01-26

BDU:2025-00856

Уязвимость функций ss_net_snmp_disk_io() и ss_net_snmp_disk_bytes() программного средства мониторинга сети Cacti, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
References:
Published: 2025-01-26

BDU:2025-00976

Уязвимость функции get_discovery_results() программного средства мониторинга сети Cacti, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2025-01-26

BDU:2025-00977

Уязвимость сценария host_templates.php программного средства мониторинга сети Cacti, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.6) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
References:
Published: 2024-08-26

BDU:2025-01037

Уязвимость веб-интерфейса программного средства мониторинга сети Cacti, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.0) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
References:
Published: 2025-02-12

BDU:2025-02172

Уязвимость функции шаблона в host_templates.php программного средства мониторинга сети Cacti, позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: HIGH (7.6) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
References:
Published: 2025-01-27
Modified: 2025-03-04

CVE-2024-45598

Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.

Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2025-01-27
Modified: 2025-03-04

CVE-2024-54145

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2025-01-27
Modified: 2025-03-04

CVE-2024-54146

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2025-01-27
Modified: 2025-03-04

CVE-2025-22604

Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.

Severity: HIGH (7.2) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2025-02-12

CVE-2025-26520

Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2025-4192-1

Package squid updated to version 7.0.1-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2024-10-28

BDU:2024-08860

Уязвимость прокси-сервера Squid, связанная с ошибками при обработке входных данных, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2024-10-28
Modified: 2025-01-03

CVE-2024-45802

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2025-4193-1

Package tinyxml updated to version 2.6.2-alt2 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2021-09-14

BDU:2022-06895

Уязвимость функции TiXmlParsingData::Stamp компонента tinyxmlparser.cpp XML-парсера TinyXML, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-12-06

BDU:2024-00003

Уязвимость функции TiXmlDeclaration::Parse() компонента tinyxmlparser.cpp XML-парсера TinyXML, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-10-11
Modified: 2024-11-21

CVE-2021-42260

TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-12-13
Modified: 2024-11-21

CVE-2023-34194

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2025-4194-1

Package xmag updated to version 1.0.8-alt1 for branch sisyphus_e2k.

Closed bugs

Bug #52613

Обновить пакет xmag

ALT-PU-2025-4195-1

Package kde-theme-alt updated to version 0.4.0-alt1 for branch sisyphus_e2k.

Closed bugs

Bug #53032

Выделение активного апплета выглядит некрасиво

ALT-PU-2025-4196-1

Package mkimage-profiles updated to version 1.7.5-alt1 for branch sisyphus_e2k.

Closed bugs

Bug #33530

Добавляет шрифты без необходимости

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top