ALT-BU-2015-2800-1
Branch sisyphus update bulletin.
Package kernel-image-std-def updated to version 4.1.15-alt1 for branch sisyphus in task 154943.
Closed vulnerabilities
Modified: 2025-04-12
CVE-2015-8961
The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6934da9238da947628be83635e365df41064b09b
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3
- http://www.securityfocus.com/bid/94135
- https://github.com/torvalds/linux/commit/6934da9238da947628be83635e365df41064b09b
- https://source.android.com/security/bulletin/2016-11-01.html
Closed vulnerabilities
Modified: 2024-10-29
BDU:2016-00001
Vulnerabilities in the Grub2 operating system boot loader that allow an attacker to obtain confidential information or cause a denial of service
Modified: 2025-04-12
CVE-2015-8370
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
- http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html
- http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html
- http://rhn.redhat.com/errata/RHSA-2015-2623.html
- http://seclists.org/fulldisclosure/2015/Dec/69
- http://www.debian.org/security/2015/dsa-3421
- http://www.openwall.com/lists/oss-security/2015/12/15/6
- http://www.openwall.com/lists/oss-security/2024/01/15/3
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/archive/1/537115/100/0/threaded
- http://www.securityfocus.com/bid/79358
- http://www.securitytracker.com/id/1034422
- http://www.ubuntu.com/usn/USN-2836-1
- https://security.gentoo.org/glsa/201512-03
Closed bugs
Closed vulnerabilities
Modified: 2021-03-23
BDU:2015-12270
Vulnerability in the Google Chrome browser that allows an attacker to cause a denial of service or execute arbitrary code
Modified: 2021-03-23
BDU:2016-00376
Vulnerability in the Google Chrome browser that allows an attacker to cause a denial of service or have other impact
Modified: 2025-04-12
CVE-2015-6792
The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664.
- http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00029.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00030.html
- http://rhn.redhat.com/errata/RHSA-2015-2665.html
- http://www.debian.org/security/2016/dsa-3456
- http://www.securityfocus.com/bid/79348
- http://www.securitytracker.com/id/1034491
- https://code.google.com/p/chromium/issues/detail?id=564501
- https://code.google.com/p/chromium/issues/detail?id=569486
- https://codereview.chromium.org/1500153002
- https://codereview.chromium.org/1508563003
- https://security.gentoo.org/glsa/201603-09
Modified: 2025-04-12
CVE-2015-8664
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.
- http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html
- http://www.securityfocus.com/bid/79686
- http://www.securitytracker.com/id/1034491
- http://www.ubuntu.com/usn/USN-2860-1
- https://code.google.com/p/chromium/issues/detail?id=565023
- https://code.google.com/p/chromium/issues/detail?id=569486
- https://codereview.chromium.org/1498903003
Closed bugs
46.0.2490.71-alt1 lost its dependency on libGConf