ALT Linux Team

Branch sisyphus update on 2017-01-29

2017-01-29

ALT-BU-2017-2903-1

Branch sisyphus update bulletin.

ALT-PU-2017-1095-1

Package kernel-image-std-def updated to version 4.4.45-alt1.1 for branch sisyphus in task 177156.

Closed vulnerabilities

Published: 2017-02-17
Modified: 2021-03-23

BDU:2017-00294

Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2017-02-06
Modified: 2025-04-20

CVE-2017-5547

drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2017-1096-1

Package libvirt updated to version 3.0.0-alt1 for branch sisyphus in task 177237.

Closed vulnerabilities

Published: 2022-09-14
Modified: 2024-04-11

BDU:2022-05679

Уязвимость библиотеки управления виртуализацией Libvirt, связанная с недостаточной блокировкой, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C
References:
Published: 2022-03-25
Modified: 2024-11-21

CVE-2021-4147

A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.

Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
References:

ALT-PU-2017-1098-1

Package pcsc-lite updated to version 1.8.20-alt1 for branch sisyphus in task 177266.

Closed vulnerabilities

Published: 2017-02-23
Modified: 2025-04-20

CVE-2016-10109

Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top