ALT Linux Team

Branch p8 update on 2017-11-28

2017-11-28

ALT-BU-2017-3523-1

Branch p8 update bulletin.

ALT-PU-2017-2700-1

Package kernel-image-un-def updated to version 4.13.16-alt0.M80P.1 for branch p8 in task 195365.

Closed vulnerabilities

Published: 2017-10-19

BDU:2018-00073

Уязвимость функции sctp_do_peeloff ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2011-12-12
Modified: 2023-11-07

CVE-2011-1161

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1160, CVE-2011-1162. Reason: This candidate was withdrawn by its CNA. Further investigation showed that only two candidates, CVE-2011-1160 and CVE-2011-1162, were needed for the set of security issues in question. Notes: none

Published: 2017-11-16
Modified: 2024-11-21

CVE-2017-15115

The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2017-2701-1

Package kernel-image-std-def updated to version 4.9.65-alt0.M80P.1 for branch p8 in task 195357.

Closed vulnerabilities

Published: 2017-10-19

BDU:2018-00073

Уязвимость функции sctp_do_peeloff ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2017-11-16
Modified: 2024-11-21

CVE-2017-15115

The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2017-10-16
Modified: 2024-11-21

CVE-2017-15265

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.

Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2017-2704-1

Package 389-ds-base updated to version 1.3.7.1-alt1.M80P.1 for branch p8 in task 195481.

Closed bugs

Bug #34240

При установке пакета 389-ds-base не создается пользователь "dirsrv"

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top