ALT-BU-2017-2929-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-9085
Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.
- [oss-security] 20161027 Re: CVE requests: some issues in gif2webp
- [oss-security] 20161027 Re: CVE requests: some issues in gif2webp
- 93928
- 93928
- https://bugzilla.redhat.com/show_bug.cgi?id=1389338
- https://bugzilla.redhat.com/show_bug.cgi?id=1389338
- https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83
- https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83
- [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
- [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
- FEDORA-2016-00d2f5c19f
- FEDORA-2016-00d2f5c19f
- FEDORA-2016-160ec6525e
- FEDORA-2016-160ec6525e
- FEDORA-2016-26ef59f03d
- FEDORA-2016-26ef59f03d
- GLSA-201701-61
- GLSA-201701-61
Package kernel-image-un-def updated to version 4.9.9-alt1 for branch sisyphus in task 177884.
Closed vulnerabilities
BDU:2017-00296
Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01080
Уязвимость операционной системы Linux, позволяющая нарушителю оказать произвольное воздействие
BDU:2017-01081
Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2016-10208
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a4b77cd47bb837b8557595ec7425f281f2ca1fe
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a4b77cd47bb837b8557595ec7425f281f2ca1fe
- 20161115 OS-S 2016-22 - Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read
- 20161115 OS-S 2016-22 - Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read
- [oss-security] 20170204 Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read
- [oss-security] 20170204 Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read
- 94354
- 94354
- RHSA-2017:1297
- RHSA-2017:1297
- RHSA-2017:1298
- RHSA-2017:1298
- RHSA-2017:1308
- RHSA-2017:1308
- https://bugzilla.redhat.com/show_bug.cgi?id=1395190
- https://bugzilla.redhat.com/show_bug.cgi?id=1395190
- https://github.com/torvalds/linux/commit/3a4b77cd47bb837b8557595ec7425f281f2ca1fe
- https://github.com/torvalds/linux/commit/3a4b77cd47bb837b8557595ec7425f281f2ca1fe
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- USN-3754-1
- USN-3754-1
Modified: 2024-11-21
CVE-2017-2596
The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references.
- DSA-3791
- DSA-3791
- [oss-security] 20170131 CVE-2017-2596 Kernel: kvm: page reference leakage in handle_vmon
- [oss-security] 20170131 CVE-2017-2596 Kernel: kvm: page reference leakage in handle_vmon
- 95878
- 95878
- RHSA-2017:1842
- RHSA-2017:1842
- RHSA-2017:2077
- RHSA-2017:2077
- https://bugzilla.redhat.com/show_bug.cgi?id=1417812
- https://bugzilla.redhat.com/show_bug.cgi?id=1417812
Modified: 2024-11-21
CVE-2017-8071
drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors.
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.9
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.9
- [oss-security] 20170416 Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass
- [oss-security] 20170416 Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass
- 97991
- 97991
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7a7b5df84b6b4e5d599c7289526eed96541a0654
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7a7b5df84b6b4e5d599c7289526eed96541a0654
- https://github.com/torvalds/linux/commit/7a7b5df84b6b4e5d599c7289526eed96541a0654
- https://github.com/torvalds/linux/commit/7a7b5df84b6b4e5d599c7289526eed96541a0654
Modified: 2024-11-21
CVE-2017-8072
The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local users to have an unspecified impact via unknown vectors.
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.9
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.9
- [oss-security] 20170416 Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass
- [oss-security] 20170416 Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass
- 98010
- 98010
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8e9faa15469ed7c7467423db4c62aeed3ff4cae3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8e9faa15469ed7c7467423db4c62aeed3ff4cae3
- https://github.com/torvalds/linux/commit/8e9faa15469ed7c7467423db4c62aeed3ff4cae3
- https://github.com/torvalds/linux/commit/8e9faa15469ed7c7467423db4c62aeed3ff4cae3