ALT-BU-2017-3266-1
Branch sisyphus update bulletin.
Package kernel-image-std-def updated to version 4.9.40-alt1 for branch sisyphus in task 185968.
Closed vulnerabilities
BDU:2017-01593
Уязвимость патча offset2lib ядра операционной системы Linux, позволяющая нарушителю получить доступ к странице защиты стека
BDU:2017-01594
Уязвимость патча offset2lib ядра операционной системы Linux, позволяющая нарушителю получить доступ к странице защиты стека
BDU:2017-01748
Уязвимость функции mp_override_legacy_irq ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
BDU:2018-00521
Уязвимость драйвера контроллера i8042 операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
BDU:2023-00939
Уязвимость функции brcmf_cfg80211_mgmt_tx в drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c ядра операционной системы Linux, позволяющая нарушителю вызывать отказ в обслуживании или повысить свои привилегии.
Modified: 2024-11-21
CVE-2017-1000370
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems.
Modified: 2024-11-21
CVE-2017-1000371
The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.11.5. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365. This issue appears to be limited to i386 based systems.
Modified: 2024-11-21
CVE-2017-11473
Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.
- 100010
- 100010
- RHSA-2018:0654
- RHSA-2018:0654
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=70ac67826602edf8c0ccb413e5ba7eacf597a60c
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=70ac67826602edf8c0ccb413e5ba7eacf597a60c
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=96301209473afd3f2f274b91cb7082d161b9be65
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=96301209473afd3f2f274b91cb7082d161b9be65
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad5ab0db8deac535d03e3fe3d8f2892173fa6a4
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad5ab0db8deac535d03e3fe3d8f2892173fa6a4
- https://source.android.com/security/bulletin/pixel/2018-01-01
- https://source.android.com/security/bulletin/pixel/2018-01-01
- USN-3754-1
- USN-3754-1
Modified: 2024-11-21
CVE-2017-18079
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=340d394a789518018f834ff70f7534fc463d3226
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=340d394a789518018f834ff70f7534fc463d3226
- 102895
- 102895
- https://github.com/torvalds/linux/commit/340d394a789518018f834ff70f7534fc463d3226
- https://github.com/torvalds/linux/commit/340d394a789518018f834ff70f7534fc463d3226
- USN-3655-1
- USN-3655-1
- USN-3655-2
- USN-3655-2
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4
Modified: 2024-11-21
CVE-2017-7541
The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f44c9a41386729fea410e688959ddaa9d51be7c
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f44c9a41386729fea410e688959ddaa9d51be7c
- http://openwall.com/lists/oss-security/2017/07/24/2
- http://openwall.com/lists/oss-security/2017/07/24/2
- DSA-3927
- DSA-3927
- DSA-3945
- DSA-3945
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.3
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.3
- 99955
- 99955
- 1038981
- 1038981
- RHSA-2017:2863
- RHSA-2017:2863
- RHSA-2017:2918
- RHSA-2017:2918
- RHSA-2017:2930
- RHSA-2017:2930
- RHSA-2017:2931
- RHSA-2017:2931
- https://bugzilla.novell.com/show_bug.cgi?id=1049645
- https://bugzilla.novell.com/show_bug.cgi?id=1049645
- https://bugzilla.redhat.com/show_bug.cgi?id=1473198
- https://bugzilla.redhat.com/show_bug.cgi?id=1473198
- https://github.com/torvalds/linux/commit/8f44c9a41386729fea410e688959ddaa9d51be7c
- https://github.com/torvalds/linux/commit/8f44c9a41386729fea410e688959ddaa9d51be7c
- https://source.android.com/security/bulletin/2017-11-01
- https://source.android.com/security/bulletin/2017-11-01
- https://www.spinics.net/lists/stable/msg180994.html
- https://www.spinics.net/lists/stable/msg180994.html