ALT-BU-2018-3078-1
Branch sisyphus update bulletin.
Package adobe-flash-player-ppapi updated to version 28-alt2.S1 for branch sisyphus in task 200699.
Closed vulnerabilities
BDU:2018-00449
Уязвимость компонента Primetime SDK программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код
BDU:2018-00993
Уязвимость программной платформы Flash Player, связанная с использованием памяти после её освобождения, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2018-4871
An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Modified: 2024-11-21
CVE-2018-4877
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.
Modified: 2024-11-21
CVE-2018-4878
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
- http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html
- http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html
- 102893
- 102893
- 1040318
- 1040318
- RHSA-2018:0285
- RHSA-2018:0285
- https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign
- https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign
- https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day
- https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day
- https://github.com/vysec/CVE-2018-4878
- https://github.com/vysec/CVE-2018-4878
- https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
- https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
- https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/
- https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/
- https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/
- https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/
- https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139
- https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139
- 44412
- 44412
- https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html
- https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html
- https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets
- https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets
Closed bugs
chromium ругается на старый flash
Package kernel-image-std-def updated to version 4.9.82-alt1 for branch sisyphus in task 200703.
Closed vulnerabilities
BDU:2021-04144
Уязвимость функции dccp_disconnect (net/dccp/proto.c) ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2017-8824
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
- SUSE-SU-2018:0011
- SUSE-SU-2018:0011
- http://lists.openwall.net/netdev/2017/12/04/224
- http://lists.openwall.net/netdev/2017/12/04/224
- http://www.openwall.com/lists/oss-security/2017/12/05/1
- http://www.openwall.com/lists/oss-security/2017/12/05/1
- 102056
- 102056
- RHSA-2018:0399
- RHSA-2018:0399
- RHSA-2018:0676
- RHSA-2018:0676
- RHSA-2018:1062
- RHSA-2018:1062
- RHSA-2018:1130
- RHSA-2018:1130
- RHSA-2018:1170
- RHSA-2018:1170
- RHSA-2018:1216
- RHSA-2018:1216
- RHSA-2018:1319
- RHSA-2018:1319
- RHSA-2018:3822
- RHSA-2018:3822
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- USN-3581-1
- USN-3581-1
- USN-3581-2
- USN-3581-2
- USN-3581-3
- USN-3581-3
- USN-3582-1
- USN-3582-1
- USN-3582-2
- USN-3582-2
- USN-3583-1
- USN-3583-1
- USN-3583-2
- USN-3583-2
- DSA-4073
- DSA-4073
- DSA-4082
- DSA-4082
- 43234
- 43234
Package kernel-image-un-def updated to version 4.14.20-alt1 for branch sisyphus in task 200705.
Closed vulnerabilities
BDU:2018-00001
Уязвимость процессоров Intel и АRM, вызванная ошибкой контроля доступа к памяти при спекулятивном выполнении инструкций процессора, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2018-00003
Уязвимость процессоров Intel, ARM и AMD, связанная с особенностями функционирования модуля прогнозирования ветвлений, позволяющая нарушителю получить доступ к защищенной памяти из программы
BDU:2021-04144
Уязвимость функции dccp_disconnect (net/dccp/proto.c) ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2017-16995
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f
- http://openwall.com/lists/oss-security/2017/12/21/2
- http://openwall.com/lists/oss-security/2017/12/21/2
- 102288
- 102288
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=a6132276ab5dcc38b3299082efeb25b948263adb
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=a6132276ab5dcc38b3299082efeb25b948263adb
- https://github.com/torvalds/linux/commit/95a762e2c8c942780948091f8f2a4f32fce1ac6f
- https://github.com/torvalds/linux/commit/95a762e2c8c942780948091f8f2a4f32fce1ac6f
- USN-3619-1
- USN-3619-1
- USN-3619-2
- USN-3619-2
- USN-3633-1
- USN-3633-1
- USN-3523-2
- USN-3523-2
- DSA-4073
- DSA-4073
- 44298
- 44298
- 45010
- 45010
- 45058
- 45058
Modified: 2024-11-21
CVE-2017-16996
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0c17d1d2c61936401f4702e1846e2c19b200f958
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0c17d1d2c61936401f4702e1846e2c19b200f958
- http://openwall.com/lists/oss-security/2017/12/21/2
- http://openwall.com/lists/oss-security/2017/12/21/2
- 102267
- 102267
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
- https://github.com/torvalds/linux/commit/0c17d1d2c61936401f4702e1846e2c19b200f958
- https://github.com/torvalds/linux/commit/0c17d1d2c61936401f4702e1846e2c19b200f958
Modified: 2024-11-21
CVE-2017-5715
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- SUSE-SU-2018:0006
- SUSE-SU-2018:0006
- SUSE-SU-2018:0007
- SUSE-SU-2018:0007
- SUSE-SU-2018:0008
- SUSE-SU-2018:0008
- SUSE-SU-2018:0009
- SUSE-SU-2018:0009
- SUSE-SU-2018:0010
- SUSE-SU-2018:0010
- SUSE-SU-2018:0011
- SUSE-SU-2018:0011
- SUSE-SU-2018:0012
- SUSE-SU-2018:0012
- openSUSE-SU-2018:0013
- openSUSE-SU-2018:0013
- SUSE-SU-2018:0019
- SUSE-SU-2018:0019
- SUSE-SU-2018:0020
- SUSE-SU-2018:0020
- openSUSE-SU-2018:0022
- openSUSE-SU-2018:0022
- openSUSE-SU-2018:0023
- openSUSE-SU-2018:0023
- http://nvidia.custhelp.com/app/answers/detail/a_id/4609
- http://nvidia.custhelp.com/app/answers/detail/a_id/4609
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611
- http://nvidia.custhelp.com/app/answers/detail/a_id/4613
- http://nvidia.custhelp.com/app/answers/detail/a_id/4613
- http://nvidia.custhelp.com/app/answers/detail/a_id/4614
- http://nvidia.custhelp.com/app/answers/detail/a_id/4614
- http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- VU#584653
- VU#584653
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- 102376
- 102376
- 1040071
- 1040071
- http://xenbits.xen.org/xsa/advisory-254.html
- http://xenbits.xen.org/xsa/advisory-254.html
- RHSA-2018:0292
- RHSA-2018:0292
- https://access.redhat.com/security/vulnerabilities/speculativeexecution
- https://access.redhat.com/security/vulnerabilities/speculativeexecution
- https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
- https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
- https://cert.vde.com/en-us/advisories/vde-2018-002
- https://cert.vde.com/en-us/advisories/vde-2018-002
- https://cert.vde.com/en-us/advisories/vde-2018-003
- https://cert.vde.com/en-us/advisories/vde-2018-003
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- [debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update
- [debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update
- [debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update
- [debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- FreeBSD-SA-18:03
- FreeBSD-SA-18:03
- FreeBSD-SA-19:26
- FreeBSD-SA-19:26
- GLSA-201810-06
- GLSA-201810-06
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://security.netapp.com/advisory/ntap-20180104-0001/
- https://security.netapp.com/advisory/ntap-20180104-0001/
- https://security.paloaltonetworks.com/CVE-2017-5715
- https://security.paloaltonetworks.com/CVE-2017-5715
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
- https://spectreattack.com/
- https://spectreattack.com/
- https://support.citrix.com/article/CTX231399
- https://support.citrix.com/article/CTX231399
- https://support.f5.com/csp/article/K91229003
- https://support.f5.com/csp/article/K91229003
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
- https://support.lenovo.com/us/en/solutions/LEN-18282
- https://support.lenovo.com/us/en/solutions/LEN-18282
- 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
- 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
- USN-3531-1
- USN-3531-1
- USN-3531-3
- USN-3531-3
- USN-3540-2
- USN-3540-2
- USN-3541-2
- USN-3541-2
- USN-3542-2
- USN-3542-2
- USN-3549-1
- USN-3549-1
- USN-3560-1
- USN-3560-1
- USN-3561-1
- USN-3561-1
- USN-3580-1
- USN-3580-1
- USN-3581-1
- USN-3581-1
- USN-3581-2
- USN-3581-2
- USN-3582-1
- USN-3582-1
- USN-3582-2
- USN-3582-2
- USN-3594-1
- USN-3594-1
- USN-3597-1
- USN-3597-1
- USN-3597-2
- USN-3597-2
- USN-3620-2
- USN-3620-2
- USN-3690-1
- USN-3690-1
- USN-3777-3
- USN-3777-3
- USN-3516-1
- USN-3516-1
- DSA-4120
- DSA-4120
- DSA-4187
- DSA-4187
- DSA-4188
- DSA-4188
- DSA-4213
- DSA-4213
- 43427
- 43427
- VU#180049
- VU#180049
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
- https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
- https://www.synology.com/support/security/Synology_SA_18_01
- https://www.synology.com/support/security/Synology_SA_18_01
- https://www.vmware.com/security/advisories/VMSA-2018-0007.html
- https://www.vmware.com/security/advisories/VMSA-2018-0007.html
- https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
- https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
- https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html
- https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html
Modified: 2024-11-21
CVE-2017-5754
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
- SUSE-SU-2018:0010
- SUSE-SU-2018:0010
- SUSE-SU-2018:0011
- SUSE-SU-2018:0011
- SUSE-SU-2018:0012
- SUSE-SU-2018:0012
- openSUSE-SU-2018:0022
- openSUSE-SU-2018:0022
- openSUSE-SU-2018:0023
- openSUSE-SU-2018:0023
- http://nvidia.custhelp.com/app/answers/detail/a_id/4609
- http://nvidia.custhelp.com/app/answers/detail/a_id/4609
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611
- http://nvidia.custhelp.com/app/answers/detail/a_id/4613
- http://nvidia.custhelp.com/app/answers/detail/a_id/4613
- http://nvidia.custhelp.com/app/answers/detail/a_id/4614
- http://nvidia.custhelp.com/app/answers/detail/a_id/4614
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- VU#584653
- VU#584653
- 102378
- 102378
- 106128
- 106128
- 1040071
- 1040071
- http://xenbits.xen.org/xsa/advisory-254.html
- http://xenbits.xen.org/xsa/advisory-254.html
- RHSA-2018:0292
- RHSA-2018:0292
- https://access.redhat.com/security/vulnerabilities/speculativeexecution
- https://access.redhat.com/security/vulnerabilities/speculativeexecution
- https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
- https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
- https://cdrdv2.intel.com/v1/dl/getContent/685358
- https://cdrdv2.intel.com/v1/dl/getContent/685358
- https://cert.vde.com/en-us/advisories/vde-2018-002
- https://cert.vde.com/en-us/advisories/vde-2018-002
- https://cert.vde.com/en-us/advisories/vde-2018-003
- https://cert.vde.com/en-us/advisories/vde-2018-003
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- [debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update
- [debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update
- https://meltdownattack.com/
- https://meltdownattack.com/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- FreeBSD-SA-18:03
- FreeBSD-SA-18:03
- GLSA-201810-06
- GLSA-201810-06
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://security.netapp.com/advisory/ntap-20180104-0001/
- https://security.netapp.com/advisory/ntap-20180104-0001/
- https://source.android.com/security/bulletin/2018-04-01
- https://source.android.com/security/bulletin/2018-04-01
- https://support.citrix.com/article/CTX231399
- https://support.citrix.com/article/CTX231399
- https://support.citrix.com/article/CTX234679
- https://support.citrix.com/article/CTX234679
- https://support.f5.com/csp/article/K91229003
- https://support.f5.com/csp/article/K91229003
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
- https://support.lenovo.com/us/en/solutions/LEN-18282
- https://support.lenovo.com/us/en/solutions/LEN-18282
- 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
- 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
- USN-3522-3
- USN-3522-3
- USN-3522-4
- USN-3522-4
- USN-3523-1
- USN-3523-1
- USN-3540-2
- USN-3540-2
- USN-3541-2
- USN-3541-2
- USN-3583-1
- USN-3583-1
- USN-3597-1
- USN-3597-1
- USN-3597-2
- USN-3597-2
- USN-3516-1
- USN-3516-1
- USN-3522-2
- USN-3522-2
- USN-3523-2
- USN-3523-2
- USN-3524-2
- USN-3524-2
- USN-3525-1
- USN-3525-1
- https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
- https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
- DSA-4078
- DSA-4078
- DSA-4082
- DSA-4082
- DSA-4120
- DSA-4120
- VU#180049
- VU#180049
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
- https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
- https://www.synology.com/support/security/Synology_SA_18_01
- https://www.synology.com/support/security/Synology_SA_18_01
Modified: 2024-11-21
CVE-2017-8824
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
- SUSE-SU-2018:0011
- SUSE-SU-2018:0011
- http://lists.openwall.net/netdev/2017/12/04/224
- http://lists.openwall.net/netdev/2017/12/04/224
- http://www.openwall.com/lists/oss-security/2017/12/05/1
- http://www.openwall.com/lists/oss-security/2017/12/05/1
- 102056
- 102056
- RHSA-2018:0399
- RHSA-2018:0399
- RHSA-2018:0676
- RHSA-2018:0676
- RHSA-2018:1062
- RHSA-2018:1062
- RHSA-2018:1130
- RHSA-2018:1130
- RHSA-2018:1170
- RHSA-2018:1170
- RHSA-2018:1216
- RHSA-2018:1216
- RHSA-2018:1319
- RHSA-2018:1319
- RHSA-2018:3822
- RHSA-2018:3822
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- USN-3581-1
- USN-3581-1
- USN-3581-2
- USN-3581-2
- USN-3581-3
- USN-3581-3
- USN-3582-1
- USN-3582-1
- USN-3582-2
- USN-3582-2
- USN-3583-1
- USN-3583-1
- USN-3583-2
- USN-3583-2
- DSA-4073
- DSA-4073
- DSA-4082
- DSA-4082
- 43234
- 43234
Package kernel-image-std-pae updated to version 4.4.116-alt1 for branch sisyphus in task 200707.
Closed vulnerabilities
BDU:2021-04144
Уязвимость функции dccp_disconnect (net/dccp/proto.c) ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2017-8824
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
- SUSE-SU-2018:0011
- SUSE-SU-2018:0011
- http://lists.openwall.net/netdev/2017/12/04/224
- http://lists.openwall.net/netdev/2017/12/04/224
- http://www.openwall.com/lists/oss-security/2017/12/05/1
- http://www.openwall.com/lists/oss-security/2017/12/05/1
- 102056
- 102056
- RHSA-2018:0399
- RHSA-2018:0399
- RHSA-2018:0676
- RHSA-2018:0676
- RHSA-2018:1062
- RHSA-2018:1062
- RHSA-2018:1130
- RHSA-2018:1130
- RHSA-2018:1170
- RHSA-2018:1170
- RHSA-2018:1216
- RHSA-2018:1216
- RHSA-2018:1319
- RHSA-2018:1319
- RHSA-2018:3822
- RHSA-2018:3822
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- USN-3581-1
- USN-3581-1
- USN-3581-2
- USN-3581-2
- USN-3581-3
- USN-3581-3
- USN-3582-1
- USN-3582-1
- USN-3582-2
- USN-3582-2
- USN-3583-1
- USN-3583-1
- USN-3583-2
- USN-3583-2
- DSA-4073
- DSA-4073
- DSA-4082
- DSA-4082
- 43234
- 43234
Package strongswan updated to version 5.6.2-alt1 for branch sisyphus in task 200762.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-6459
The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.