ALT-BU-2017-3339-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2023-11-21
BDU:2020-01714
Уязвимость системы виртуализации LXC, связанная с ошибкой предоставления пользователю доступа, при запросе удаления сетевого интерфейса, позволяющая нарушителю получить доступ к конфиденциальным данным
Modified: 2024-11-21
CVE-2018-6556
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
- https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591
- https://bugzilla.suse.com/show_bug.cgi?id=988348
- https://security.gentoo.org/glsa/201808-02
- https://usn.ubuntu.com/usn/usn-3730-1
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
- https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591
- https://bugzilla.suse.com/show_bug.cgi?id=988348
- https://security.gentoo.org/glsa/201808-02
- https://usn.ubuntu.com/usn/usn-3730-1
Package python-module-html5lib updated to version 0.999999999-alt2 for branch sisyphus in task 187931.
Closed bugs
Ошибка при импортировании
Closed vulnerabilities
Modified: 2025-04-20
CVE-2016-9400
The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling.
- http://www.openwall.com/lists/oss-security/2016/11/16/8
- http://www.openwall.com/lists/oss-security/2016/11/17/8
- http://www.securityfocus.com/bid/94381
- https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C4JNSBXXPE7O32ZMFK7D7YL6EKLG7PRV/
- https://security.gentoo.org/glsa/201705-13
- https://www.teeworlds.com/?page=news&id=12086
- http://www.openwall.com/lists/oss-security/2016/11/16/8
- http://www.openwall.com/lists/oss-security/2016/11/17/8
- http://www.securityfocus.com/bid/94381
- https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C4JNSBXXPE7O32ZMFK7D7YL6EKLG7PRV/
- https://security.gentoo.org/glsa/201705-13
- https://www.teeworlds.com/?page=news&id=12086
Closed bugs
Прошу обновить версию
Package ConsoleKit2 updated to version 1.2.0-alt2 for branch sisyphus in task 187951.
Closed bugs
Неверные Obsoletes
Package kernel-image-std-def updated to version 4.9.48-alt1 for branch sisyphus in task 187946.
Closed vulnerabilities
Modified: 2025-04-20
CVE-2017-11600
net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
- http://seclists.org/bugtraq/2017/Jul/30
- http://www.debian.org/security/2017/dsa-3981
- http://www.securityfocus.com/bid/99928
- https://access.redhat.com/errata/RHSA-2018:1965
- https://access.redhat.com/errata/RHSA-2018:2003
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/errata/RHSA-2019:1190
- https://source.android.com/security/bulletin/pixel/2017-11-01
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
- http://seclists.org/bugtraq/2017/Jul/30
- http://www.debian.org/security/2017/dsa-3981
- http://www.securityfocus.com/bid/99928
- https://access.redhat.com/errata/RHSA-2018:1965
- https://access.redhat.com/errata/RHSA-2018:2003
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/errata/RHSA-2019:1190
- https://source.android.com/security/bulletin/pixel/2017-11-01
Package kernel-image-un-def updated to version 4.12.11-alt1 for branch sisyphus in task 187947.
Closed vulnerabilities
Modified: 2025-04-20
CVE-2017-11600
net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
- http://seclists.org/bugtraq/2017/Jul/30
- http://www.debian.org/security/2017/dsa-3981
- http://www.securityfocus.com/bid/99928
- https://access.redhat.com/errata/RHSA-2018:1965
- https://access.redhat.com/errata/RHSA-2018:2003
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/errata/RHSA-2019:1190
- https://source.android.com/security/bulletin/pixel/2017-11-01
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
- http://seclists.org/bugtraq/2017/Jul/30
- http://www.debian.org/security/2017/dsa-3981
- http://www.securityfocus.com/bid/99928
- https://access.redhat.com/errata/RHSA-2018:1965
- https://access.redhat.com/errata/RHSA-2018:2003
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/errata/RHSA-2019:1190
- https://source.android.com/security/bulletin/pixel/2017-11-01
Modified: 2025-04-20
CVE-2017-14051
An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.
- http://www.securityfocus.com/bid/100571
- https://bugzilla.kernel.org/show_bug.cgi?id=194061
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://patchwork.kernel.org/patch/9929625/
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- http://www.securityfocus.com/bid/100571
- https://bugzilla.kernel.org/show_bug.cgi?id=194061
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://patchwork.kernel.org/patch/9929625/
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
Modified: 2025-04-20
CVE-2017-14156
The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes.
- http://www.debian.org/security/2017/dsa-3981
- http://www.securityfocus.com/bid/100634
- https://github.com/torvalds/linux/pull/441
- https://marc.info/?l=linux-kernel&m=150401461613306&w=2
- https://marc.info/?l=linux-kernel&m=150453196710422&w=2
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- http://www.debian.org/security/2017/dsa-3981
- http://www.securityfocus.com/bid/100634
- https://github.com/torvalds/linux/pull/441
- https://marc.info/?l=linux-kernel&m=150401461613306&w=2
- https://marc.info/?l=linux-kernel&m=150453196710422&w=2
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/