ALT Linux Team

Branch c10f2 update on 2025-04-29

2025-04-29

ALT-BU-2025-6048-1

Branch c10f2 update bulletin.

ALT-PU-2025-5913-3

Package xerces-j2 updated to version 2.12.2-alt1_3jpp11 for branch c10f2 in task 382513.

Closed vulnerabilities

Published: 2022-01-24
Modified: 2024-11-21

CVE-2022-23437

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:

ALT-PU-2025-5940-3

Package screen updated to version 4.8.0-alt3 for branch c10f2 in task 382578.

Closed vulnerabilities

Published: 2023-04-08
Modified: 2025-05-09

CVE-2023-24626

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
References:

ALT-PU-2025-5950-2

Package unrar updated to version 6.2.3-alt1 for branch c10f2 in task 382587.

Closed vulnerabilities

Published: 2022-12-20

BDU:2023-07638

Уязвимость средства разархивирования файлов UnRAR, связанная с неверным определением символических ссылок перед доступом к файлу, позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2023-08-07
Modified: 2024-11-21

CVE-2022-48579

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.1
Back to top