ALT Linux Team

Branch c10f2 update on 2026-01-02

2026-01-02

ALT-BU-2026-1016-1

Branch c10f2 update bulletin.

ALT-PU-2025-16331-3

Package python3-module-virtualenv updated to version 20.26.6-alt0.c10f2.1 for branch c10f2 in task 403775.

Closed vulnerabilities

Published: 2025-02-05
Modified: 2025-08-13

BDU:2024-10842

Уязвимость сценариев активации конструктора виртуальной среды Python virtualenv, позволяющая нарушителю выполнить произвольные команды

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2024-11-24
Modified: 2025-02-10

CVE-2024-53899

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2025-16360-3

Package python-module-future updated to version 0.18.2-alt1.c10f2.1 for branch c10f2 in task 404152.

Closed vulnerabilities

Published: 2023-05-10
Modified: 2025-10-02

BDU:2023-02446

Уязвимость программы совместимости версий Python Charmers Future, связанная с некорректным регулярным выражением, позволяющая нарушителю вызывать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
Published: 2022-12-23
Modified: 2025-04-15

CVE-2022-40899

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top