2017-12-16
ALT-BU-2017-3565-1
Branch sisyphus update bulletin.
Package kernel-image-un-def updated to version 4.14.6-alt1 for branch sisyphus in task 196815.
Closed vulnerabilities
Published: 2017-11-17
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-0861
Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
Severity: HIGH (7.8)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- [secure-testing-commits] 20171206 r58306 - data/CVE
- [secure-testing-commits] 20171206 r58306 - data/CVE
- 102329
- 102329
- RHSA-2018:2390
- RHSA-2018:2390
- RHSA-2018:3083
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2018:3096
- RHSA-2020:0036
- RHSA-2020:0036
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- https://security-tracker.debian.org/tracker/CVE-2017-0861
- https://security-tracker.debian.org/tracker/CVE-2017-0861
- https://source.android.com/security/bulletin/pixel/2017-11-01
- https://source.android.com/security/bulletin/pixel/2017-11-01
- USN-3583-1
- USN-3583-1
- USN-3583-2
- USN-3583-2
- USN-3617-1
- USN-3617-1
- USN-3617-2
- USN-3617-2
- USN-3617-3
- USN-3617-3
- USN-3619-1
- USN-3619-1
- USN-3619-2
- USN-3619-2
- USN-3632-1
- USN-3632-1
- DSA-4187
- DSA-4187
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Published: 2017-12-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-1000407
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
Severity: HIGH (7.4)
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
References:
- [oss-security] 20171204 CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80
- [oss-security] 20171204 CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80
- 102038
- 102038
- RHSA-2018:0676
- RHSA-2018:0676
- RHSA-2018:1062
- RHSA-2018:1062
- RHSA-2019:1170
- RHSA-2019:1170
- https://access.redhat.com/security/cve/cve-2017-1000407
- https://access.redhat.com/security/cve/cve-2017-1000407
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- USN-3583-1
- USN-3583-1
- USN-3583-2
- USN-3583-2
- USN-3617-1
- USN-3617-1
- USN-3617-2
- USN-3617-2
- USN-3619-1
- USN-3619-1
- USN-3619-2
- USN-3619-2
- USN-3632-1
- USN-3632-1
- DSA-4073
- DSA-4073
- DSA-4082
- DSA-4082
- [kvm] 20171201 [PATCH 1/2] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
- [kvm] 20171201 [PATCH 1/2] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
Published: 2017-12-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-17558
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.
Severity: MEDIUM (6.6)
Vector: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- SUSE-SU-2018:0011
- SUSE-SU-2018:0011
- http://openwall.com/lists/oss-security/2017/12/12/7
- http://openwall.com/lists/oss-security/2017/12/12/7
- RHSA-2018:0676
- RHSA-2018:0676
- RHSA-2018:1062
- RHSA-2018:1062
- RHSA-2019:1170
- RHSA-2019:1170
- RHSA-2019:1190
- RHSA-2019:1190
- [debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update
- [debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update
- USN-3619-1
- USN-3619-1
- USN-3619-2
- USN-3619-2
- USN-3754-1
- USN-3754-1
- DSA-4073
- DSA-4073
- DSA-4082
- DSA-4082
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.spinics.net/lists/linux-usb/msg163644.html
- https://www.spinics.net/lists/linux-usb/msg163644.html
Published: 2017-12-21
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-17807
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.
Severity: LOW (3.3)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4dca6ea1d9432052afb06baf2e3ae78188a4410b
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4dca6ea1d9432052afb06baf2e3ae78188a4410b
- 102301
- 102301
- https://github.com/torvalds/linux/commit/4dca6ea1d9432052afb06baf2e3ae78188a4410b
- https://github.com/torvalds/linux/commit/4dca6ea1d9432052afb06baf2e3ae78188a4410b
- [debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update
- [debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update
- USN-3617-1
- USN-3617-1
- USN-3617-2
- USN-3617-2
- USN-3617-3
- USN-3617-3
- USN-3619-1
- USN-3619-1
- USN-3619-2
- USN-3619-2
- USN-3620-1
- USN-3620-1
- USN-3620-2
- USN-3620-2
- USN-3632-1
- USN-3632-1
- DSA-4073
- DSA-4073
- DSA-4082
- DSA-4082
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6
Package kernel-image-std-def updated to version 4.9.69-alt1 for branch sisyphus in task 196814.
Closed vulnerabilities
Published: 2017-11-17
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-0861
Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
Severity: HIGH (7.8)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- [secure-testing-commits] 20171206 r58306 - data/CVE
- [secure-testing-commits] 20171206 r58306 - data/CVE
- 102329
- 102329
- RHSA-2018:2390
- RHSA-2018:2390
- RHSA-2018:3083
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2018:3096
- RHSA-2020:0036
- RHSA-2020:0036
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- https://security-tracker.debian.org/tracker/CVE-2017-0861
- https://security-tracker.debian.org/tracker/CVE-2017-0861
- https://source.android.com/security/bulletin/pixel/2017-11-01
- https://source.android.com/security/bulletin/pixel/2017-11-01
- USN-3583-1
- USN-3583-1
- USN-3583-2
- USN-3583-2
- USN-3617-1
- USN-3617-1
- USN-3617-2
- USN-3617-2
- USN-3617-3
- USN-3617-3
- USN-3619-1
- USN-3619-1
- USN-3619-2
- USN-3619-2
- USN-3632-1
- USN-3632-1
- DSA-4187
- DSA-4187
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Published: 2017-12-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-1000407
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
Severity: HIGH (7.4)
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
References:
- [oss-security] 20171204 CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80
- [oss-security] 20171204 CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80
- 102038
- 102038
- RHSA-2018:0676
- RHSA-2018:0676
- RHSA-2018:1062
- RHSA-2018:1062
- RHSA-2019:1170
- RHSA-2019:1170
- https://access.redhat.com/security/cve/cve-2017-1000407
- https://access.redhat.com/security/cve/cve-2017-1000407
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- USN-3583-1
- USN-3583-1
- USN-3583-2
- USN-3583-2
- USN-3617-1
- USN-3617-1
- USN-3617-2
- USN-3617-2
- USN-3619-1
- USN-3619-1
- USN-3619-2
- USN-3619-2
- USN-3632-1
- USN-3632-1
- DSA-4073
- DSA-4073
- DSA-4082
- DSA-4082
- [kvm] 20171201 [PATCH 1/2] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
- [kvm] 20171201 [PATCH 1/2] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
Package python-module-OpenSSL updated to version 17.5.0-alt1 for branch sisyphus in task 196832.
Closed bugs
FR: обновить до текущей версии 17.5.0