ALT-BU-2013-1463-1
Branch t7 update bulletin.
Package branding-altlinux-kdesktop updated to version 7.0.2-alt2 for branch t7 in task 111106.
Closed bugs
Запускается в KDE
Package kernel-image-un-def updated to version 3.12.6-alt1 for branch t7 in task 111106.
Closed vulnerabilities
BDU:2014-00094
Уязвимость операционной системы Linux, позволяющая злоумышленнику повысить свои привилегии
BDU:2014-00095
Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2013-4587
Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=338c7dbadd2671189cec7faf64c84d01071b3f96
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=338c7dbadd2671189cec7faf64c84d01071b3f96
- openSUSE-SU-2014:0204
- openSUSE-SU-2014:0204
- openSUSE-SU-2014:0205
- openSUSE-SU-2014:0205
- openSUSE-SU-2014:0247
- openSUSE-SU-2014:0247
- [oss-security] 20131212 Re: [vs-plain] kvm issues
- [oss-security] 20131212 Re: [vs-plain] kvm issues
- USN-2109-1
- USN-2109-1
- USN-2110-1
- USN-2110-1
- USN-2113-1
- USN-2113-1
- USN-2117-1
- USN-2117-1
- USN-2128-1
- USN-2128-1
- USN-2129-1
- USN-2129-1
- USN-2135-1
- USN-2135-1
- USN-2136-1
- USN-2136-1
- USN-2138-1
- USN-2138-1
- USN-2139-1
- USN-2139-1
- USN-2141-1
- USN-2141-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1030986
- https://bugzilla.redhat.com/show_bug.cgi?id=1030986
- https://github.com/torvalds/linux/commit/338c7dbadd2671189cec7faf64c84d01071b3f96
- https://github.com/torvalds/linux/commit/338c7dbadd2671189cec7faf64c84d01071b3f96
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54
Modified: 2024-11-21
CVE-2013-6367
The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b963a22e6d1a266a67e9eecc88134713fd54775c
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b963a22e6d1a266a67e9eecc88134713fd54775c
- openSUSE-SU-2014:0204
- openSUSE-SU-2014:0204
- openSUSE-SU-2014:0205
- openSUSE-SU-2014:0205
- openSUSE-SU-2014:0247
- openSUSE-SU-2014:0247
- RHSA-2013:1801
- RHSA-2013:1801
- RHSA-2014:0163
- RHSA-2014:0163
- RHSA-2014:0284
- RHSA-2014:0284
- [oss-security] 20131212 Re: [vs-plain] kvm issues
- [oss-security] 20131212 Re: [vs-plain] kvm issues
- 64270
- 64270
- USN-2109-1
- USN-2109-1
- USN-2110-1
- USN-2110-1
- USN-2113-1
- USN-2113-1
- USN-2117-1
- USN-2117-1
- USN-2128-1
- USN-2128-1
- USN-2129-1
- USN-2129-1
- USN-2135-1
- USN-2135-1
- USN-2136-1
- USN-2136-1
- USN-2138-1
- USN-2138-1
- USN-2139-1
- USN-2139-1
- USN-2141-1
- USN-2141-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1032207
- https://bugzilla.redhat.com/show_bug.cgi?id=1032207
- https://github.com/torvalds/linux/commit/b963a22e6d1a266a67e9eecc88134713fd54775c
- https://github.com/torvalds/linux/commit/b963a22e6d1a266a67e9eecc88134713fd54775c
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54
Modified: 2024-11-21
CVE-2013-6368
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fda4e2e85589191b123d31cdc21fd33ee70f50fd
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fda4e2e85589191b123d31cdc21fd33ee70f50fd
- openSUSE-SU-2014:0204
- openSUSE-SU-2014:0204
- openSUSE-SU-2014:0205
- openSUSE-SU-2014:0205
- openSUSE-SU-2014:0247
- openSUSE-SU-2014:0247
- RHSA-2013:1801
- RHSA-2013:1801
- RHSA-2014:0163
- RHSA-2014:0163
- RHSA-2014:0284
- RHSA-2014:0284
- [oss-security] 20131212 Re: [vs-plain] kvm issues
- [oss-security] 20131212 Re: [vs-plain] kvm issues
- 64291
- 64291
- USN-2113-1
- USN-2113-1
- USN-2117-1
- USN-2117-1
- USN-2133-1
- USN-2133-1
- USN-2134-1
- USN-2134-1
- USN-2135-1
- USN-2135-1
- USN-2136-1
- USN-2136-1
- USN-2138-1
- USN-2138-1
- USN-2139-1
- USN-2139-1
- USN-2141-1
- USN-2141-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1032210
- https://bugzilla.redhat.com/show_bug.cgi?id=1032210
- https://github.com/torvalds/linux/commit/fda4e2e85589191b123d31cdc21fd33ee70f50fd
- https://github.com/torvalds/linux/commit/fda4e2e85589191b123d31cdc21fd33ee70f50fd
Modified: 2024-11-21
CVE-2013-6376
The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode.
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=17d68b763f09a9ce824ae23eb62c9efc57b69271
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=17d68b763f09a9ce824ae23eb62c9efc57b69271
- openSUSE-SU-2014:0204
- openSUSE-SU-2014:0204
- openSUSE-SU-2014:0205
- openSUSE-SU-2014:0205
- [oss-security] 20131212 Re: [vs-plain] kvm issues
- [oss-security] 20131212 Re: [vs-plain] kvm issues
- 64319
- 64319
- USN-2113-1
- USN-2113-1
- USN-2117-1
- USN-2117-1
- USN-2136-1
- USN-2136-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1033106
- https://bugzilla.redhat.com/show_bug.cgi?id=1033106
- https://github.com/torvalds/linux/commit/17d68b763f09a9ce824ae23eb62c9efc57b69271
- https://github.com/torvalds/linux/commit/17d68b763f09a9ce824ae23eb62c9efc57b69271
Package kernel-modules-virtualbox-addition-std-def updated to version 4.3.4-alt1.199193.1 for branch t7 in task 111106.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-0404
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.
- 102061
- 102061
- 56490
- 56490
- DSA-2878
- DSA-2878
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- 64758
- 64758
- 64911
- 64911
- 1029610
- 1029610
- oracle-cpujan2014-cve20140404(90372)
- oracle-cpujan2014-cve20140404(90372)
Modified: 2024-11-21
CVE-2014-0405
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0407.
Modified: 2024-11-21
CVE-2014-0406
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.
- 102060
- 102060
- 56490
- 56490
- DSA-2878
- DSA-2878
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- 64758
- 64758
- 64905
- 64905
- 1029610
- 1029610
- oracle-cpujan2014-cve20140406(90371)
- oracle-cpujan2014-cve20140406(90371)
Modified: 2024-11-21
CVE-2014-0407
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0405.
- 102058
- 102058
- 56490
- 56490
- DSA-2878
- DSA-2878
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- 64758
- 64758
- 64913
- 64913
- 1029610
- 1029610
- oracle-cpujan2014-cve20140407(90369)
- oracle-cpujan2014-cve20140407(90369)
Modified: 2024-11-21
CVE-2015-0377
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418.
- openSUSE-SU-2015:0229
- openSUSE-SU-2015:0229
- 62694
- 62694
- http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf
- http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf
- DSA-3143
- DSA-3143
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- 72219
- 72219
- oracle-cpujan2015-cve20150377(100176)
- oracle-cpujan2015-cve20150377(100176)
- GLSA-201612-27
- GLSA-201612-27
Modified: 2024-11-21
CVE-2015-0418
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377.
- openSUSE-SU-2015:0229
- openSUSE-SU-2015:0229
- 62694
- 62694
- DSA-3143
- DSA-3143
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- 72194
- 72194
- oracle-cpujan2015-cve20150418(100182)
- oracle-cpujan2015-cve20150418(100182)
- GLSA-201612-27
- GLSA-201612-27
Package kernel-modules-virtualbox-std-def updated to version 4.3.4-alt1.199193.1 for branch t7 in task 111106.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-0404
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.
- 102061
- 102061
- 56490
- 56490
- DSA-2878
- DSA-2878
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- 64758
- 64758
- 64911
- 64911
- 1029610
- 1029610
- oracle-cpujan2014-cve20140404(90372)
- oracle-cpujan2014-cve20140404(90372)
Modified: 2024-11-21
CVE-2014-0405
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0407.
Modified: 2024-11-21
CVE-2014-0406
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.
- 102060
- 102060
- 56490
- 56490
- DSA-2878
- DSA-2878
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- 64758
- 64758
- 64905
- 64905
- 1029610
- 1029610
- oracle-cpujan2014-cve20140406(90371)
- oracle-cpujan2014-cve20140406(90371)
Modified: 2024-11-21
CVE-2014-0407
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0405.
- 102058
- 102058
- 56490
- 56490
- DSA-2878
- DSA-2878
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- 64758
- 64758
- 64913
- 64913
- 1029610
- 1029610
- oracle-cpujan2014-cve20140407(90369)
- oracle-cpujan2014-cve20140407(90369)
Modified: 2024-11-21
CVE-2015-0377
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418.
- openSUSE-SU-2015:0229
- openSUSE-SU-2015:0229
- 62694
- 62694
- http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf
- http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf
- DSA-3143
- DSA-3143
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- 72219
- 72219
- oracle-cpujan2015-cve20150377(100176)
- oracle-cpujan2015-cve20150377(100176)
- GLSA-201612-27
- GLSA-201612-27
Modified: 2024-11-21
CVE-2015-0418
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377.
- openSUSE-SU-2015:0229
- openSUSE-SU-2015:0229
- 62694
- 62694
- DSA-3143
- DSA-3143
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- 72194
- 72194
- oracle-cpujan2015-cve20150418(100182)
- oracle-cpujan2015-cve20150418(100182)
- GLSA-201612-27
- GLSA-201612-27
Package kernel-modules-virtualbox-un-def updated to version 4.3.4-alt1.199686.1 for branch t7 in task 111106.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-0404
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.
- 102061
- 102061
- 56490
- 56490
- DSA-2878
- DSA-2878
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- 64758
- 64758
- 64911
- 64911
- 1029610
- 1029610
- oracle-cpujan2014-cve20140404(90372)
- oracle-cpujan2014-cve20140404(90372)
Modified: 2024-11-21
CVE-2014-0405
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0407.
Modified: 2024-11-21
CVE-2014-0406
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.
- 102060
- 102060
- 56490
- 56490
- DSA-2878
- DSA-2878
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- 64758
- 64758
- 64905
- 64905
- 1029610
- 1029610
- oracle-cpujan2014-cve20140406(90371)
- oracle-cpujan2014-cve20140406(90371)
Modified: 2024-11-21
CVE-2014-0407
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0405.
- 102058
- 102058
- 56490
- 56490
- DSA-2878
- DSA-2878
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- 64758
- 64758
- 64913
- 64913
- 1029610
- 1029610
- oracle-cpujan2014-cve20140407(90369)
- oracle-cpujan2014-cve20140407(90369)
Modified: 2024-11-21
CVE-2015-0377
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418.
- openSUSE-SU-2015:0229
- openSUSE-SU-2015:0229
- 62694
- 62694
- http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf
- http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf
- DSA-3143
- DSA-3143
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- 72219
- 72219
- oracle-cpujan2015-cve20150377(100176)
- oracle-cpujan2015-cve20150377(100176)
- GLSA-201612-27
- GLSA-201612-27
Modified: 2024-11-21
CVE-2015-0418
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377.
- openSUSE-SU-2015:0229
- openSUSE-SU-2015:0229
- 62694
- 62694
- DSA-3143
- DSA-3143
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- 72194
- 72194
- oracle-cpujan2015-cve20150418(100182)
- oracle-cpujan2015-cve20150418(100182)
- GLSA-201612-27
- GLSA-201612-27