ALT-BU-2017-2962-1
Branch sisyphus update bulletin.
Package python-module-six updated to version 1.10.0-alt3 for branch sisyphus in task 178901.
Closed bugs
Update error
Package kernel-image-un-def updated to version 4.9.13-alt1 for branch sisyphus in task 178892.
Closed vulnerabilities
BDU:2017-01556
Vulnerability in the Linux operating system that allows an attacker to cause a denial of service or obtain superuser privileges
BDU:2018-00379
Vulnerability in the ip_cmsg_recv_checksum function (net/ipv4/ip_sockglue.c) of the Linux kernel that allows an attacker to cause a denial of service
BDU:2021-06413
Vulnerability in the LLC subsystem of the Linux kernel, related to insufficient input validation, that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2017-6074
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
- RHSA-2017:0293
- RHSA-2017:0294
- RHSA-2017:0295
- RHSA-2017:0316
- RHSA-2017:0323
- RHSA-2017:0324
- RHSA-2017:0345
- RHSA-2017:0346
- RHSA-2017:0347
- RHSA-2017:0365
- RHSA-2017:0366
- RHSA-2017:0403
- RHSA-2017:0501
- DSA-3791
- [oss-security] 20170222 Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root)
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- 96310
- 1037876
- RHSA-2017:0932
- RHSA-2017:1209
- https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
- https://source.android.com/security/bulletin/2017-07-01
- 41457
- 41458
- https://www.tenable.com/security/tns-2017-07
Modified: 2024-11-21
CVE-2017-6345
The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b74d439e1697110c5e5c600643e823eb1dd0762
- DSA-3804
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
- [oss-security] 20170228 Linux: net/llc: avoid BUG_ON() in skb_orphan() (CVE-2017-6345)
- 96510
- https://github.com/torvalds/linux/commit/8b74d439e1697110c5e5c600643e823eb1dd0762
- USN-3754-1
Modified: 2024-11-21
CVE-2017-6346
Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d199fab63c11998a602205f7ee7ff7c05c97164b
- DSA-3804
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
- [oss-security] 20170228 Linux: packet: fix races in fanout_add() (CVE-2017-6346)
- 96508
- https://github.com/torvalds/linux/commit/d199fab63c11998a602205f7ee7ff7c05c97164b
- https://source.android.com/security/bulletin/2017-09-01
Modified: 2024-11-21
CVE-2017-6347
The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.1
- [oss-security] 20170228 Linux: ip: fix IP_CHECKSUM handling (CVE-2017-6347)
- 96487
- https://bugzilla.redhat.com/show_bug.cgi?id=1427984
- https://github.com/torvalds/linux/commit/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
Modified: 2024-11-21
CVE-2017-6348
The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c03b862b12f980456f9de92db6d508a4999b788
- DSA-3804
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
- [oss-security] 20170228 Linux: irda: Fix lockdep annotations in hashbin_delete() (CVE-2017-6348)
- 96483
- https://github.com/torvalds/linux/commit/4c03b862b12f980456f9de92db6d508a4999b788
- USN-3754-1
Package kernel-image-std-def updated to version 4.4.52-alt1 for branch sisyphus in task 178890.
Closed vulnerabilities
BDU:2017-01556
Vulnerability in the Linux operating system that allows an attacker to cause a denial of service or obtain superuser privileges
BDU:2018-00379
Vulnerability in the ip_cmsg_recv_checksum function (net/ipv4/ip_sockglue.c) of the Linux kernel that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2017-6074
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
- RHSA-2017:0293
- RHSA-2017:0294
- RHSA-2017:0295
- RHSA-2017:0316
- RHSA-2017:0323
- RHSA-2017:0324
- RHSA-2017:0345
- RHSA-2017:0346
- RHSA-2017:0347
- RHSA-2017:0365
- RHSA-2017:0366
- RHSA-2017:0403
- RHSA-2017:0501
- DSA-3791
- [oss-security] 20170222 Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root)
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- 96310
- 1037876
- RHSA-2017:0932
- RHSA-2017:1209
- https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
- https://source.android.com/security/bulletin/2017-07-01
- 41457
- 41458
- https://www.tenable.com/security/tns-2017-07
Modified: 2024-11-21
CVE-2017-6346
Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d199fab63c11998a602205f7ee7ff7c05c97164b
- DSA-3804
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
- [oss-security] 20170228 Linux: packet: fix races in fanout_add() (CVE-2017-6346)
- 96508
- https://github.com/torvalds/linux/commit/d199fab63c11998a602205f7ee7ff7c05c97164b
- https://source.android.com/security/bulletin/2017-09-01
Modified: 2024-11-21
CVE-2017-6347
The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.1
- [oss-security] 20170228 Linux: ip: fix IP_CHECKSUM handling (CVE-2017-6347)
- 96487
- https://bugzilla.redhat.com/show_bug.cgi?id=1427984
- https://github.com/torvalds/linux/commit/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
Closed vulnerabilities
BDU:2018-01423
Vulnerability in the CUPS print server, related to the ability to execute arbitrary IPP commands, that allows a user to compromise data integrity
Modified: 2024-11-21
CVE-2017-18190
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1048
- https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41
- [debian-lts-announce] 20180222 [SECURITY] [DLA 1288-1] cups security update
- [debian-lts-announce] 20180703 [SECURITY] [DLA 1412-1] cups security update
- USN-3577-1
Closed bugs
The pyyaml modules shipped with netdata's python_modules are not packaged
Dependency on bash4