ALT-BU-2016-3190-1
Branch p8 update bulletin.
Package ceph-deploy updated to version 1.5.34-alt2.M80P.1 for branch p8 in task 173876.
Closed bugs
ceph-deploy wants ceph-mds as a separate package
Package python-module-openstackclient updated to version 2.3.0-alt0.M80P.1 for branch p8 in task 173876.
Closed bugs
Need for backporting to p7
Closed bugs
Rebuild with --enable-ntp-signd
Package kernel-image-un-def updated to version 4.8.12-alt0.M80P.1 for branch p8 in task 173879.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-8650
The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073
- 20161115 OS-S 2016-21 - Local DoS: Linux Kernel Nullpointer Dereference via keyctl
- [oss-security] 20161125 Linux kernel: CVE-2016-8650 : Local denial of service with in key subsystem
- 94532
- 1037968
- RHSA-2017:0931
- RHSA-2017:0932
- RHSA-2017:0933
- RHSA-2018:1854
- https://bugzilla.redhat.com/show_bug.cgi?id=1395187
- https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073
- https://source.android.com/security/bulletin/2017-03-01.html
Modified: 2024-11-21
CVE-2016-9084
drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a
- RHSA-2017:0386
- RHSA-2017:0387
- [oss-security] 20161027 kernel: low-severity vfio driver integer overflow
- 93930
- https://bugzilla.redhat.com/show_bug.cgi?id=1389259
- https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a
- https://patchwork.kernel.org/patch/9373631/
Modified: 2024-11-21
CVE-2016-9191
The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939
- DSA-3791
- [oss-security] 20161105 Re: CVE request: linux kernel - local DoS with cgroup offline code
- 94129
- https://bugzilla.redhat.com/show_bug.cgi?id=1392439
- https://github.com/torvalds/linux/commit/93362fa47fe98b62e4a34ab408c4a418432e7939
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03802en_us
Modified: 2024-11-21
CVE-2016-9756
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2117d5398c81554fbf803f5fd1dc55eb78216c0c
- openSUSE-SU-2017:0002
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12
- [oss-security] 20161201 CVE request: Kernel: kvm: stack memory information leakage
- 94615
- https://bugzilla.redhat.com/show_bug.cgi?id=1400468
- https://github.com/torvalds/linux/commit/2117d5398c81554fbf803f5fd1dc55eb78216c0c
Modified: 2024-11-21
CVE-2016-9777
KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12
- [oss-security] 20161202 CVE request: Kernel: kvm: out of bounds memory access via vcpu_id
- 94640
- https://bugzilla.redhat.com/show_bug.cgi?id=1400804
- https://github.com/torvalds/linux/commit/81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755