ALT-BU-2017-2870-1
Branch p8 update bulletin.
Package kernel-modules-nvidia-std-pae updated to version 375.26-alt1.263208.0.M80P.2 for branch p8 in task 175933.
Closed bugs
В 304.132 не работает glx.
Package virtualbox updated to version 5.1.10-alt0.M80P.1 for branch p8 in task 175350.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-5501
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.
Modified: 2024-11-21
CVE-2016-5608
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613.
Modified: 2024-11-21
CVE-2016-5610
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core.
Modified: 2024-11-21
CVE-2016-5611
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.
Modified: 2024-11-21
CVE-2016-5613
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608.
Package kernel-modules-virtualbox-un-def updated to version 5.1.10-alt1.264208.0.M80P.1 for branch p8 in task 175350.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-5501
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.
Modified: 2024-11-21
CVE-2016-5608
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613.
Modified: 2024-11-21
CVE-2016-5610
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core.
Modified: 2024-11-21
CVE-2016-5611
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.
Modified: 2024-11-21
CVE-2016-5613
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608.
Package kernel-modules-virtualbox-std-def updated to version 5.1.10-alt1.263208.0.M80P.2 for branch p8 in task 175350.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-5501
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.
Modified: 2024-11-21
CVE-2016-5608
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613.
Modified: 2024-11-21
CVE-2016-5610
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core.
Modified: 2024-11-21
CVE-2016-5611
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.
Modified: 2024-11-21
CVE-2016-5613
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608.
Package kernel-modules-virtualbox-addition-std-def updated to version 5.1.10-alt1.263208.0.M80P.2 for branch p8 in task 175350.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-5501
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.
Modified: 2024-11-21
CVE-2016-5608
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613.
Modified: 2024-11-21
CVE-2016-5610
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core.
Modified: 2024-11-21
CVE-2016-5611
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.
Modified: 2024-11-21
CVE-2016-5613
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608.
Package kernel-modules-virtualbox-addition-un-def updated to version 5.1.10-alt1.264208.0.M80P.1 for branch p8 in task 175350.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-5501
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.
Modified: 2024-11-21
CVE-2016-5608
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613.
Modified: 2024-11-21
CVE-2016-5610
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core.
Modified: 2024-11-21
CVE-2016-5611
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.
Modified: 2024-11-21
CVE-2016-5613
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608.
Package kernel-image-std-def updated to version 4.4.41-alt0.M80P.2 for branch p8 in task 175985.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-10088
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=128394eff343fc6d2f32172f03e24829539c5835
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=128394eff343fc6d2f32172f03e24829539c5835
- RHSA-2017:0817
- RHSA-2017:0817
- [oss-security] 20161230 Re: Linux Kernel use-after-free in SCSI generic device interface
- [oss-security] 20161230 Re: Linux Kernel use-after-free in SCSI generic device interface
- 95169
- 95169
- 1037538
- 1037538
- RHSA-2017:1842
- RHSA-2017:1842
- RHSA-2017:2077
- RHSA-2017:2077
- RHSA-2017:2669
- RHSA-2017:2669
- https://github.com/torvalds/linux/commit/128394eff343fc6d2f32172f03e24829539c5835
- https://github.com/torvalds/linux/commit/128394eff343fc6d2f32172f03e24829539c5835