ALT Linux Team

Branch c7.1 update on 2018-04-03

2018-04-03

ALT-BU-2018-3176-1

Branch c7.1 update bulletin.

ALT-PU-2018-1488-1

Package kernel-image-un-def updated to version 4.9.90-alt0.M70C.1 for branch c7.1 in task 202923.

Closed vulnerabilities

Published: 2018-01-11

BDU:2018-00414

Уязвимость функций snd_seq_write и snd_seq_ioctl_set_client_pool (seq_clientmgr.c) звуковой подсистемы ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
References:
Published: 2017-02-03

BDU:2018-00491

Уязвимость функции blkcg_init_queue ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2018-02-19

BDU:2018-00604

Уязвимость интерфейса системных вызовов (SCI) ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии

Severity: MEDIUM (6.7) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2011-12-12
Modified: 2023-11-07

CVE-2011-1161

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1160, CVE-2011-1162. Reason: This candidate was withdrawn by its CNA. Further investigation showed that only two candidates, CVE-2011-1160 and CVE-2011-1162, were needed for the set of security issues in question. Notes: none

Published: 2018-01-16
Modified: 2024-11-21

CVE-2018-1000004

In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2018-03-16
Modified: 2024-11-21

CVE-2018-1068

A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: MEDIUM (6.7) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5803

In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.

Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2018-02-25
Modified: 2024-11-21

CVE-2018-7480

The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2018-1537-1

Package kernel-image-un-def updated to version 4.9.92-alt0.M70C.1 for branch c7.1 in task 203312.

Closed vulnerabilities

Published: 2017-07-06

BDU:2018-00569

Уязвимость компонента hns_enet.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2017-12-05

BDU:2021-04144

Уязвимость функции dccp_disconnect (net/dccp/proto.c) ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM (6.8) Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
References:
Published: 2018-03-05
Modified: 2024-11-21

CVE-2017-18218

In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2017-12-05
Modified: 2025-04-20

CVE-2017-8824

The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2018-04-23
Modified: 2024-11-21

CVE-2018-8781

The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top