Bug 14080

Summary:	[CVE21] patch 2.7.6 CVEs
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Vladimir Potapov <v.potapov>
Component:	Packages from Main	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	critical
Priority:	Highest	CC:	a.proklov, pastordidi
Version:	All	Flags:	v.potapov: qa_verified+ v.potapov: secteam_verified? a.proklov: published+
Target Milestone:	---
Hardware:	All
OS:	Linux
URL:	CVE-2018-6951,CVE-2018-20969,CVE-2019-20633
Whiteboard:
Platform:	---	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Vladimir Potapov 2023-12-01 12:09:27 MSK

https://nvd.nist.gov/vuln/detail/CVE-2018-6951 Base Score: 7.5 HIGH
https://nvd.nist.gov/vuln/detail/CVE-2018-20969 Base Score: 7.8 HIGH
https://nvd.nist.gov/vuln/detail/CVE-2019-20633 Base Score: 5.5 MEDIUM

Comment 1 Aleksandr Proklov 2023-12-04 08:48:52 MSK

уязвимости закрыты патчами, собрано в 2021.15 тоже

patch	2.7.6-5

https://abf.io/build_lists/4856466
https://abf.io/build_lists/4856467 х64
https://abf.io/build_lists/4856468
https://abf.io/build_lists/4856469
https://abf.io/build_lists/4856470

Comment 2 Dmitry Postnikov 2023-12-07 10:35:38 MSK

*****************************
Обновление отослано в Тестинг

Comment 3 Vladimir Potapov 2023-12-14 07:52:50 MSK

patch-2.7.6-5
https://abf.io/build_lists/4856466
https://abf.io/build_lists/4856467 х64
https://abf.io/build_lists/4856468
https://abf.io/build_lists/4856469
https://abf.io/build_lists/4856470
********************** Advisory *********************
CVEs closed by patches
*****************************************************
QA Verified