ALT-BU-2017-3339-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2020-01714
A vulnerability in the LXC virtualization system, related to an error in granting user access when deletion of a network interface is requested, that allows an attacker to gain access to confidential data
Modified: 2024-11-21
CVE-2018-6556
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.
- openSUSE-SU-2019:1227
- openSUSE-SU-2019:1230
- openSUSE-SU-2019:1275
- openSUSE-SU-2019:1481
- https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591
- https://bugzilla.suse.com/show_bug.cgi?id=988348
- GLSA-201808-02
- USN-3730-1
Package python-module-html5lib updated to version 0.999999999-alt2 for branch sisyphus in task 187931.
Closed bugs
Error on import
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-9400
The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling.
- [oss-security] 20161116 CVE Request: teeworlds: possible remote code execution on teeworlds client
- [oss-security] 20161117 Re: CVE Request: teeworlds: possible remote code execution on teeworlds client
- 94381
- https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62
- FEDORA-2016-7470a63cd1
- GLSA-201705-13
- https://www.teeworlds.com/?page=news&id=12086
Closed bugs
Please update the version
Package ConsoleKit2 updated to version 1.2.0-alt2 for branch sisyphus in task 187951.
Closed bugs
Incorrect Obsoletes
Package kernel-image-std-def updated to version 4.9.48-alt1 for branch sisyphus in task 187946.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-11600
net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.
- SUSE-SU-2018:0011
- http://seclists.org/bugtraq/2017/Jul/30
- DSA-3981
- 99928
- RHSA-2018:1965
- RHSA-2018:2003
- RHSA-2019:1170
- RHSA-2019:1190
- https://source.android.com/security/bulletin/pixel/2017-11-01
Package kernel-image-un-def updated to version 4.12.11-alt1 for branch sisyphus in task 187947.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-11600
net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.
- SUSE-SU-2018:0011
- http://seclists.org/bugtraq/2017/Jul/30
- DSA-3981
- 99928
- RHSA-2018:1965
- RHSA-2018:2003
- RHSA-2019:1170
- RHSA-2019:1190
- https://source.android.com/security/bulletin/pixel/2017-11-01
Modified: 2024-11-21
CVE-2017-14051
An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.
- 100571
- https://bugzilla.kernel.org/show_bug.cgi?id=194061
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- https://patchwork.kernel.org/patch/9929625/
- USN-3583-1
- USN-3583-2
Modified: 2024-11-21
CVE-2017-14156
The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes.
- DSA-3981
- 100634
- https://github.com/torvalds/linux/pull/441
- https://marc.info/?l=linux-kernel&m=150401461613306&w=2
- https://marc.info/?l=linux-kernel&m=150453196710422&w=2
- USN-3583-1
- USN-3583-2