ALT-BU-2015-2800-1
Branch sisyphus update bulletin.
Package kernel-image-std-def updated to version 4.1.15-alt1 for branch sisyphus in task 154943.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-8961
The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6934da9238da947628be83635e365df41064b09b
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3
- 94135
- https://github.com/torvalds/linux/commit/6934da9238da947628be83635e365df41064b09b
- https://source.android.com/security/bulletin/2016-11-01.html
Closed vulnerabilities
BDU:2016-00001
Vulnerabilities in the Grub2 operating system boot loader that allow an attacker to obtain confidential information or cause a denial of service
Modified: 2024-11-21
CVE-2015-8370
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
- http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
- FEDORA-2015-cebe5133e7
- FEDORA-2015-90c27b6e91
- openSUSE-SU-2015:2375
- SUSE-SU-2015:2385
- SUSE-SU-2015:2386
- SUSE-SU-2015:2387
- openSUSE-SU-2015:2392
- SUSE-SU-2015:2399
- openSUSE-SU-2016:0036
- http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html
- RHSA-2015:2623
- 20151216 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]
- DSA-3421
- [oss-security] 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]
- [oss-security] 20240116 CVE-2023-4001: a password bypass vulnerability in the downstream GRUB boot manager
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]
- 79358
- 1034422
- USN-2836-1
- GLSA-201512-03
Closed bugs
Closed vulnerabilities
BDU:2015-12270
Vulnerability in the Google Chrome browser that allows an attacker to cause a denial of service or execute arbitrary code
BDU:2016-00376
Vulnerability in the Google Chrome browser that allows an attacker to cause a denial of service or have other impact
Modified: 2024-11-21
CVE-2015-6792
The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664.
- http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html
- openSUSE-SU-2015:2346
- openSUSE-SU-2015:2347
- RHSA-2015:2665
- DSA-3456
- 79348
- 1034491
- https://code.google.com/p/chromium/issues/detail?id=564501
- https://code.google.com/p/chromium/issues/detail?id=569486
- https://codereview.chromium.org/1500153002
- https://codereview.chromium.org/1508563003
- GLSA-201603-09
Modified: 2024-11-21
CVE-2015-8664
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.
- http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html
- 79686
- 1034491
- USN-2860-1
- https://code.google.com/p/chromium/issues/detail?id=565023
- https://code.google.com/p/chromium/issues/detail?id=569486
- https://codereview.chromium.org/1498903003
Closed bugs
46.0.2490.71-alt1 lost its dependency on libGConf