ALT-BU-2017-2962-1
Branch sisyphus update bulletin.
Package python-module-six updated to version 1.10.0-alt3 for branch sisyphus in task 178901.
Closed bugs
Ошибка обновления
Package kernel-image-un-def updated to version 4.9.13-alt1 for branch sisyphus in task 178892.
Closed vulnerabilities
Modified: 2024-12-03
BDU:2017-01556
Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или получить привилегии суперпользователя
Modified: 2024-12-03
BDU:2018-00379
Уязвимость функции ip_cmsg_recv_checksum (net/ipv4/ip_sockglue.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-05-23
BDU:2021-06413
Уязвимость подсистемы LLC ядра операционной системы Linux, связанная с недостаточной проверкой входных данных, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-04-20
CVE-2017-6074
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
- http://rhn.redhat.com/errata/RHSA-2017-0293.html
- http://rhn.redhat.com/errata/RHSA-2017-0294.html
- http://rhn.redhat.com/errata/RHSA-2017-0295.html
- http://rhn.redhat.com/errata/RHSA-2017-0316.html
- http://rhn.redhat.com/errata/RHSA-2017-0323.html
- http://rhn.redhat.com/errata/RHSA-2017-0324.html
- http://rhn.redhat.com/errata/RHSA-2017-0345.html
- http://rhn.redhat.com/errata/RHSA-2017-0346.html
- http://rhn.redhat.com/errata/RHSA-2017-0347.html
- http://rhn.redhat.com/errata/RHSA-2017-0365.html
- http://rhn.redhat.com/errata/RHSA-2017-0366.html
- http://rhn.redhat.com/errata/RHSA-2017-0403.html
- http://rhn.redhat.com/errata/RHSA-2017-0501.html
- http://www.debian.org/security/2017/dsa-3791
- http://www.openwall.com/lists/oss-security/2017/02/22/3
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.securityfocus.com/bid/96310
- http://www.securitytracker.com/id/1037876
- https://access.redhat.com/errata/RHSA-2017:0932
- https://access.redhat.com/errata/RHSA-2017:1209
- https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
- https://source.android.com/security/bulletin/2017-07-01
- https://www.exploit-db.com/exploits/41457/
- https://www.exploit-db.com/exploits/41458/
- https://www.tenable.com/security/tns-2017-07
- http://rhn.redhat.com/errata/RHSA-2017-0293.html
- http://rhn.redhat.com/errata/RHSA-2017-0294.html
- http://rhn.redhat.com/errata/RHSA-2017-0295.html
- http://rhn.redhat.com/errata/RHSA-2017-0316.html
- http://rhn.redhat.com/errata/RHSA-2017-0323.html
- http://rhn.redhat.com/errata/RHSA-2017-0324.html
- http://rhn.redhat.com/errata/RHSA-2017-0345.html
- http://rhn.redhat.com/errata/RHSA-2017-0346.html
- http://rhn.redhat.com/errata/RHSA-2017-0347.html
- http://rhn.redhat.com/errata/RHSA-2017-0365.html
- http://rhn.redhat.com/errata/RHSA-2017-0366.html
- http://rhn.redhat.com/errata/RHSA-2017-0403.html
- http://rhn.redhat.com/errata/RHSA-2017-0501.html
- http://www.debian.org/security/2017/dsa-3791
- http://www.openwall.com/lists/oss-security/2017/02/22/3
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.securityfocus.com/bid/96310
- http://www.securitytracker.com/id/1037876
- https://access.redhat.com/errata/RHSA-2017:0932
- https://access.redhat.com/errata/RHSA-2017:1209
- https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
- https://source.android.com/security/bulletin/2017-07-01
- https://www.exploit-db.com/exploits/41457/
- https://www.exploit-db.com/exploits/41458/
- https://www.tenable.com/security/tns-2017-07
Modified: 2025-04-20
CVE-2017-6345
The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b74d439e1697110c5e5c600643e823eb1dd0762
- http://www.debian.org/security/2017/dsa-3804
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
- http://www.openwall.com/lists/oss-security/2017/02/28/7
- http://www.securityfocus.com/bid/96510
- https://github.com/torvalds/linux/commit/8b74d439e1697110c5e5c600643e823eb1dd0762
- https://usn.ubuntu.com/3754-1/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b74d439e1697110c5e5c600643e823eb1dd0762
- http://www.debian.org/security/2017/dsa-3804
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
- http://www.openwall.com/lists/oss-security/2017/02/28/7
- http://www.securityfocus.com/bid/96510
- https://github.com/torvalds/linux/commit/8b74d439e1697110c5e5c600643e823eb1dd0762
- https://usn.ubuntu.com/3754-1/
Modified: 2025-04-20
CVE-2017-6346
Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d199fab63c11998a602205f7ee7ff7c05c97164b
- http://www.debian.org/security/2017/dsa-3804
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
- http://www.openwall.com/lists/oss-security/2017/02/28/6
- http://www.securityfocus.com/bid/96508
- https://github.com/torvalds/linux/commit/d199fab63c11998a602205f7ee7ff7c05c97164b
- https://source.android.com/security/bulletin/2017-09-01
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d199fab63c11998a602205f7ee7ff7c05c97164b
- http://www.debian.org/security/2017/dsa-3804
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
- http://www.openwall.com/lists/oss-security/2017/02/28/6
- http://www.securityfocus.com/bid/96508
- https://github.com/torvalds/linux/commit/d199fab63c11998a602205f7ee7ff7c05c97164b
- https://source.android.com/security/bulletin/2017-09-01
Modified: 2025-04-20
CVE-2017-6347
The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.1
- http://www.openwall.com/lists/oss-security/2017/02/28/5
- http://www.securityfocus.com/bid/96487
- https://bugzilla.redhat.com/show_bug.cgi?id=1427984
- https://github.com/torvalds/linux/commit/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.1
- http://www.openwall.com/lists/oss-security/2017/02/28/5
- http://www.securityfocus.com/bid/96487
- https://bugzilla.redhat.com/show_bug.cgi?id=1427984
- https://github.com/torvalds/linux/commit/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
Modified: 2025-04-20
CVE-2017-6348
The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c03b862b12f980456f9de92db6d508a4999b788
- http://www.debian.org/security/2017/dsa-3804
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
- http://www.openwall.com/lists/oss-security/2017/02/28/4
- http://www.securityfocus.com/bid/96483
- https://github.com/torvalds/linux/commit/4c03b862b12f980456f9de92db6d508a4999b788
- https://usn.ubuntu.com/3754-1/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c03b862b12f980456f9de92db6d508a4999b788
- http://www.debian.org/security/2017/dsa-3804
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
- http://www.openwall.com/lists/oss-security/2017/02/28/4
- http://www.securityfocus.com/bid/96483
- https://github.com/torvalds/linux/commit/4c03b862b12f980456f9de92db6d508a4999b788
- https://usn.ubuntu.com/3754-1/
Package kernel-image-std-def updated to version 4.4.52-alt1 for branch sisyphus in task 178890.
Closed vulnerabilities
Modified: 2024-12-03
BDU:2017-01556
Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или получить привилегии суперпользователя
Modified: 2024-12-03
BDU:2018-00379
Уязвимость функции ip_cmsg_recv_checksum (net/ipv4/ip_sockglue.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-04-20
CVE-2017-6074
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
- http://rhn.redhat.com/errata/RHSA-2017-0293.html
- http://rhn.redhat.com/errata/RHSA-2017-0294.html
- http://rhn.redhat.com/errata/RHSA-2017-0295.html
- http://rhn.redhat.com/errata/RHSA-2017-0316.html
- http://rhn.redhat.com/errata/RHSA-2017-0323.html
- http://rhn.redhat.com/errata/RHSA-2017-0324.html
- http://rhn.redhat.com/errata/RHSA-2017-0345.html
- http://rhn.redhat.com/errata/RHSA-2017-0346.html
- http://rhn.redhat.com/errata/RHSA-2017-0347.html
- http://rhn.redhat.com/errata/RHSA-2017-0365.html
- http://rhn.redhat.com/errata/RHSA-2017-0366.html
- http://rhn.redhat.com/errata/RHSA-2017-0403.html
- http://rhn.redhat.com/errata/RHSA-2017-0501.html
- http://www.debian.org/security/2017/dsa-3791
- http://www.openwall.com/lists/oss-security/2017/02/22/3
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.securityfocus.com/bid/96310
- http://www.securitytracker.com/id/1037876
- https://access.redhat.com/errata/RHSA-2017:0932
- https://access.redhat.com/errata/RHSA-2017:1209
- https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
- https://source.android.com/security/bulletin/2017-07-01
- https://www.exploit-db.com/exploits/41457/
- https://www.exploit-db.com/exploits/41458/
- https://www.tenable.com/security/tns-2017-07
- http://rhn.redhat.com/errata/RHSA-2017-0293.html
- http://rhn.redhat.com/errata/RHSA-2017-0294.html
- http://rhn.redhat.com/errata/RHSA-2017-0295.html
- http://rhn.redhat.com/errata/RHSA-2017-0316.html
- http://rhn.redhat.com/errata/RHSA-2017-0323.html
- http://rhn.redhat.com/errata/RHSA-2017-0324.html
- http://rhn.redhat.com/errata/RHSA-2017-0345.html
- http://rhn.redhat.com/errata/RHSA-2017-0346.html
- http://rhn.redhat.com/errata/RHSA-2017-0347.html
- http://rhn.redhat.com/errata/RHSA-2017-0365.html
- http://rhn.redhat.com/errata/RHSA-2017-0366.html
- http://rhn.redhat.com/errata/RHSA-2017-0403.html
- http://rhn.redhat.com/errata/RHSA-2017-0501.html
- http://www.debian.org/security/2017/dsa-3791
- http://www.openwall.com/lists/oss-security/2017/02/22/3
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.securityfocus.com/bid/96310
- http://www.securitytracker.com/id/1037876
- https://access.redhat.com/errata/RHSA-2017:0932
- https://access.redhat.com/errata/RHSA-2017:1209
- https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
- https://source.android.com/security/bulletin/2017-07-01
- https://www.exploit-db.com/exploits/41457/
- https://www.exploit-db.com/exploits/41458/
- https://www.tenable.com/security/tns-2017-07
Modified: 2025-04-20
CVE-2017-6346
Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d199fab63c11998a602205f7ee7ff7c05c97164b
- http://www.debian.org/security/2017/dsa-3804
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
- http://www.openwall.com/lists/oss-security/2017/02/28/6
- http://www.securityfocus.com/bid/96508
- https://github.com/torvalds/linux/commit/d199fab63c11998a602205f7ee7ff7c05c97164b
- https://source.android.com/security/bulletin/2017-09-01
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d199fab63c11998a602205f7ee7ff7c05c97164b
- http://www.debian.org/security/2017/dsa-3804
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
- http://www.openwall.com/lists/oss-security/2017/02/28/6
- http://www.securityfocus.com/bid/96508
- https://github.com/torvalds/linux/commit/d199fab63c11998a602205f7ee7ff7c05c97164b
- https://source.android.com/security/bulletin/2017-09-01
Modified: 2025-04-20
CVE-2017-6347
The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.1
- http://www.openwall.com/lists/oss-security/2017/02/28/5
- http://www.securityfocus.com/bid/96487
- https://bugzilla.redhat.com/show_bug.cgi?id=1427984
- https://github.com/torvalds/linux/commit/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.1
- http://www.openwall.com/lists/oss-security/2017/02/28/5
- http://www.securityfocus.com/bid/96487
- https://bugzilla.redhat.com/show_bug.cgi?id=1427984
- https://github.com/torvalds/linux/commit/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
Closed vulnerabilities
Modified: 2021-03-23
BDU:2018-01423
Уязвимость сервера печати CUPS, связанная с возможностью выполнения произвольных IPP-команд, позволяющая пользователю нарушить целостность данных
Modified: 2024-11-21
CVE-2017-18190
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1048
- https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41
- https://lists.debian.org/debian-lts-announce/2018/02/msg00023.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html
- https://usn.ubuntu.com/3577-1/
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1048
- https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41
- https://lists.debian.org/debian-lts-announce/2018/02/msg00023.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html
- https://usn.ubuntu.com/3577-1/
Closed bugs
Не упакованы pyyaml идущие вместе с netdata pyton_modules
Зависимость на bash4