ALT-BU-2014-2804-1
Branch sisyphus update bulletin.
Package kernel-image-un-def updated to version 3.14.5-alt1 for branch sisyphus in task 120573.
Closed vulnerabilities
Modified: 2025-04-12
CVE-2014-7284
The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numbers, TCP and UDP port numbers, and IP ID values.
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d4405226d27b3a215e4d03cfa51f536244e5de7
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
- http://www.openwall.com/lists/oss-security/2014/10/01/19
- https://bugzilla.redhat.com/show_bug.cgi?id=1148788
- https://github.com/torvalds/linux/commit/3d4405226d27b3a215e4d03cfa51f536244e5de7
- https://web.archive.org/web/20141002163852/http://secondlookforensics.com/ngro-linux-kernel-bug/
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d4405226d27b3a215e4d03cfa51f536244e5de7
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
- http://www.openwall.com/lists/oss-security/2014/10/01/19
- https://bugzilla.redhat.com/show_bug.cgi?id=1148788
- https://github.com/torvalds/linux/commit/3d4405226d27b3a215e4d03cfa51f536244e5de7
- https://web.archive.org/web/20141002163852/http://secondlookforensics.com/ngro-linux-kernel-bug/
Modified: 2025-04-12
CVE-2014-9715
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=223b02d923ecd7c84cf9780bb3686f455d279279
- http://marc.info/?l=netfilter-devel&m=140112364215200&w=2
- http://rhn.redhat.com/errata/RHSA-2015-1534.html
- http://rhn.redhat.com/errata/RHSA-2015-1564.html
- http://www.debian.org/security/2015/dsa-3237
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
- http://www.openwall.com/lists/oss-security/2015/04/08/1
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/73953
- http://www.securitytracker.com/id/1032415
- https://bugzilla.redhat.com/show_bug.cgi?id=1208684
- https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=223b02d923ecd7c84cf9780bb3686f455d279279
- http://marc.info/?l=netfilter-devel&m=140112364215200&w=2
- http://rhn.redhat.com/errata/RHSA-2015-1534.html
- http://rhn.redhat.com/errata/RHSA-2015-1564.html
- http://www.debian.org/security/2015/dsa-3237
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
- http://www.openwall.com/lists/oss-security/2015/04/08/1
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/73953
- http://www.securitytracker.com/id/1032415
- https://bugzilla.redhat.com/show_bug.cgi?id=1208684
- https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279
Closed vulnerabilities
Modified: 2024-07-05
BDU:2015-04134
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2025-04-12
CVE-2014-2013
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.
- http://bugs.ghostscript.com/show_bug.cgi?id=694957
- http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=60dabde18d7fe12b19da8b509bdfee9cc886aafc
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00088.html
- http://seclists.org/fulldisclosure/2014/Jan/130
- http://seclists.org/oss-sec/2014/q1/375
- http://secunia.com/advisories/58904
- http://www.debian.org/security/2014/dsa-2951
- http://www.exploit-db.com/exploits/31090
- http://www.hdwsec.fr/blog/mupdf.html
- http://www.osvdb.org/102340
- http://www.securityfocus.com/bid/65036
- http://bugs.ghostscript.com/show_bug.cgi?id=694957
- http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=60dabde18d7fe12b19da8b509bdfee9cc886aafc
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00088.html
- http://seclists.org/fulldisclosure/2014/Jan/130
- http://seclists.org/oss-sec/2014/q1/375
- http://secunia.com/advisories/58904
- http://www.debian.org/security/2014/dsa-2951
- http://www.exploit-db.com/exploits/31090
- http://www.hdwsec.fr/blog/mupdf.html
- http://www.osvdb.org/102340
- http://www.securityfocus.com/bid/65036