ALT Linux Team

Package powershell update in sisyphus on 2022-02-12

ALT-PU-2022-1272-1

Package powershell updated to version 7.2.1-alt1 for branch sisyphus in task 295264.

Closed vulnerabilities

Published: 2020-09-08

BDU:2020-04320

Уязвимость средства контроля приложений Управление приложениями в Защитнике Windows (Windows Defender Application Control, WDAC) средства автоматизации PowerShell Core, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.7) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2021-08-10

BDU:2021-04773

Уязвимость программного средства .NET Core, расширяемого средства автоматизации PowerShell Core и средства разработки программного обеспечения Visual Studio, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-09-11
Modified: 2024-11-21

CVE-2020-0951

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC.

To exploit the vulnerability, an attacker need administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code.

The update addresses the vulnerability by correcting how PowerShell commands are validated when WDAC protection is enabled.

Severity: HIGH (7.2)
References:
Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-26423

.NET Core and Visual Studio Denial of Service Vulnerability

Severity: MEDIUM (5.0)
References:
Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-34485

.NET Core and Visual Studio Information Disclosure Vulnerability

Severity: LOW (2.1)
References:
Published: 2021-10-13
Modified: 2024-11-21

CVE-2021-41355

.NET Core and Visual Studio Information Disclosure Vulnerability

Severity: LOW (2.9)
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top