Branch sisyphus update bulletin.

Package collectd updated to version 5.8.0-alt1 for branch sisyphus in task 203449.

Published: 2018-03-19
Modified: 2024-11-21

CVE-2017-18240

The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Package avogadro updated to version 1.2.0-alt3.S1 for branch sisyphus in task 203736.

Не запускается

Package kernel-image-std-def updated to version 4.9.93-alt1 for branch sisyphus in task 203741.

Published: 2017-12-22

BDU:2018-00001

Уязвимость процессоров Intel и АRM, вызванная ошибкой контроля доступа к памяти при спекулятивном выполнении инструкций процессора, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (5.6) Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

References:

CVE-2017-5754

Published: 2018-01-04
Modified: 2024-11-21

CVE-2017-5754

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Severity: MEDIUM (5.6) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

References:

Package texlive-texmf updated to version 2017-alt8_2 for branch sisyphus in task 203783.

texlive: missing %_bindir/latexmk

Version: 2.1.1

Branch sisyphus update on 2018-04-10

ALT-BU-2018-3189-1

ALT-PU-2018-1562-1

Closed vulnerabilities

CVE-2017-18240

ALT-PU-2018-1563-1

Closed bugs

Bug #34779

ALT-PU-2018-1564-1

Closed vulnerabilities

BDU:2018-00001

CVE-2017-5754

ALT-PU-2018-1566-1

Closed bugs

Bug #34785