ALT-BU-2016-3218-1
Branch sisyphus update bulletin.
Package kernel-image-un-def updated to version 4.8.15-alt1 for branch sisyphus in task 174478.
Closed vulnerabilities
Modified: 2025-04-20
CVE-2016-10147
crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5).
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd
- http://marc.info/?l=linux-crypto-vger&m=148063683310477&w=2
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.15
- http://www.openwall.com/lists/oss-security/2017/01/17/13
- http://www.securityfocus.com/bid/95677
- https://access.redhat.com/errata/RHSA-2017:1842
- https://access.redhat.com/errata/RHSA-2017:2077
- https://bugzilla.redhat.com/show_bug.cgi?id=1404200
- https://github.com/torvalds/linux/commit/48a992727d82cb7db076fa15d372178743b1f4cd
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd
- http://marc.info/?l=linux-crypto-vger&m=148063683310477&w=2
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.15
- http://www.openwall.com/lists/oss-security/2017/01/17/13
- http://www.securityfocus.com/bid/95677
- https://access.redhat.com/errata/RHSA-2017:1842
- https://access.redhat.com/errata/RHSA-2017:2077
- https://bugzilla.redhat.com/show_bug.cgi?id=1404200
- https://github.com/torvalds/linux/commit/48a992727d82cb7db076fa15d372178743b1f4cd
Modified: 2025-04-20
CVE-2017-7273
The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1ebb71143758f45dc0fa76e2f48429e13b16d110
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4faec4a2ef5dd481682cc155cb9ea14ba2534b76
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.4
- http://www.securityfocus.com/bid/97190
- https://github.com/torvalds/linux/commit/1ebb71143758f45dc0fa76e2f48429e13b16d110
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1ebb71143758f45dc0fa76e2f48429e13b16d110
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4faec4a2ef5dd481682cc155cb9ea14ba2534b76
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.4
- http://www.securityfocus.com/bid/97190
- https://github.com/torvalds/linux/commit/1ebb71143758f45dc0fa76e2f48429e13b16d110
Closed vulnerabilities
Modified: 2025-04-20
CVE-2016-10002
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
- http://rhn.redhat.com/errata/RHSA-2017-0182.html
- http://rhn.redhat.com/errata/RHSA-2017-0183.html
- http://www.debian.org/security/2016/dsa-3745
- http://www.openwall.com/lists/oss-security/2016/12/18/1
- http://www.securityfocus.com/bid/94953
- http://www.securitytracker.com/id/1037513
- http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
- http://rhn.redhat.com/errata/RHSA-2017-0182.html
- http://rhn.redhat.com/errata/RHSA-2017-0183.html
- http://www.debian.org/security/2016/dsa-3745
- http://www.openwall.com/lists/oss-security/2016/12/18/1
- http://www.securityfocus.com/bid/94953
- http://www.securitytracker.com/id/1037513
- http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
Modified: 2025-04-20
CVE-2016-10003
Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
- http://www.openwall.com/lists/oss-security/2016/12/18/1
- http://www.securityfocus.com/bid/94953
- http://www.securitytracker.com/id/1037512
- http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
- http://www.openwall.com/lists/oss-security/2016/12/18/1
- http://www.securityfocus.com/bid/94953
- http://www.securitytracker.com/id/1037512
- http://www.squid-cache.org/Advisories/SQUID-2016_10.txt