ALT Linux Team

Branch p10 update on 2025-05-28

2025-05-28

ALT-BU-2025-7422-1

Branch p10 update bulletin.

ALT-PU-2025-6288-4

Package python3-module-virtualenv updated to version 20.30.0-alt0.p10.1 for branch p10 in task 380082.

Closed vulnerabilities

Published: 2025-02-05
Modified: 2025-08-13

BDU:2024-10842

Уязвимость сценариев активации конструктора виртуальной среды Python virtualenv, позволяющая нарушителю выполнить произвольные команды

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2024-11-24
Modified: 2025-02-10

CVE-2024-53899

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2025-6888-2

Package dcmtk updated to version 3.6.6-alt2 for branch p10 in task 384198.

Closed vulnerabilities

Published: 2025-01-13
Modified: 2025-11-03

CVE-2024-47796

An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2025-01-13
Modified: 2025-11-03

CVE-2024-52333

An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top