ALT-BU-2018-3235-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2018-00091
Уязвимость функции post_load (hw/input/ps2.c) эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю выполнить чтение за границами буфера в динамической памяти
BDU:2018-01508
Уязвимость функции load_multiboot эмулятора аппаратного обеспечения Qemu, связанная с записью за границами буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2019-00716
Уязвимость функции vga_draw_text эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-00721
Уязвимость эмулятора аппаратного обеспечения QEMU позволяет записывать данные за пределами заданного буфера, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-04-20
CVE-2017-16845
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
- http://www.securityfocus.com/bid/101923
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html
- https://usn.ubuntu.com/3575-1/
- https://usn.ubuntu.com/3649-1/
- https://www.debian.org/security/2018/dsa-4213
- http://www.securityfocus.com/bid/101923
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html
- https://usn.ubuntu.com/3575-1/
- https://usn.ubuntu.com/3649-1/
- https://www.debian.org/security/2018/dsa-4213
Modified: 2024-11-21
CVE-2018-5683
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
- http://www.openwall.com/lists/oss-security/2018/01/15/2
- http://www.securityfocus.com/bid/102518
- https://access.redhat.com/errata/RHSA-2018:0816
- https://access.redhat.com/errata/RHSA-2018:1104
- https://access.redhat.com/errata/RHSA-2018:2162
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html
- https://usn.ubuntu.com/3575-1/
- https://www.debian.org/security/2018/dsa-4213
- http://www.openwall.com/lists/oss-security/2018/01/15/2
- http://www.securityfocus.com/bid/102518
- https://access.redhat.com/errata/RHSA-2018:0816
- https://access.redhat.com/errata/RHSA-2018:1104
- https://access.redhat.com/errata/RHSA-2018:2162
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html
- https://usn.ubuntu.com/3575-1/
- https://www.debian.org/security/2018/dsa-4213
Modified: 2024-11-21
CVE-2018-7550
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
- http://www.securityfocus.com/bid/103181
- https://access.redhat.com/errata/RHSA-2018:1369
- https://access.redhat.com/errata/RHSA-2018:2462
- https://bugzilla.redhat.com/show_bug.cgi?id=1549798
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53
- https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html
- https://usn.ubuntu.com/3649-1/
- https://www.debian.org/security/2018/dsa-4213
- http://www.securityfocus.com/bid/103181
- https://access.redhat.com/errata/RHSA-2018:1369
- https://access.redhat.com/errata/RHSA-2018:2462
- https://bugzilla.redhat.com/show_bug.cgi?id=1549798
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53
- https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html
- https://usn.ubuntu.com/3649-1/
- https://www.debian.org/security/2018/dsa-4213
Modified: 2024-11-21
CVE-2018-7858
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html
- http://www.openwall.com/lists/oss-security/2018/03/09/1
- http://www.securityfocus.com/bid/103350
- https://access.redhat.com/errata/RHSA-2018:1369
- https://access.redhat.com/errata/RHSA-2018:1416
- https://access.redhat.com/errata/RHSA-2018:2162
- https://bugzilla.redhat.com/show_bug.cgi?id=1553402
- https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html
- https://usn.ubuntu.com/3649-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html
- http://www.openwall.com/lists/oss-security/2018/03/09/1
- http://www.securityfocus.com/bid/103350
- https://access.redhat.com/errata/RHSA-2018:1369
- https://access.redhat.com/errata/RHSA-2018:1416
- https://access.redhat.com/errata/RHSA-2018:2162
- https://bugzilla.redhat.com/show_bug.cgi?id=1553402
- https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html
- https://usn.ubuntu.com/3649-1/
Closed bugs
Не открывает файл по клику из файлового менеджера
Package kernel-image-un-def updated to version 4.16.7-alt1 for branch sisyphus in task 205622.
Closed vulnerabilities
BDU:2018-00715
Уязвимость функции ext4_valid_block_bitmap ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-02917
Уязвимость функции rsi_mac80211_detach ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2018-1093
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.
- http://openwall.com/lists/oss-security/2018/03/29/1
- https://bugzilla.kernel.org/show_bug.cgi?id=199181
- https://bugzilla.redhat.com/show_bug.cgi?id=1560782
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f
- https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
- https://usn.ubuntu.com/3676-1/
- https://usn.ubuntu.com/3676-2/
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-3/
- https://usn.ubuntu.com/3754-1/
- https://www.debian.org/security/2018/dsa-4188
- http://openwall.com/lists/oss-security/2018/03/29/1
- https://bugzilla.kernel.org/show_bug.cgi?id=199181
- https://bugzilla.redhat.com/show_bug.cgi?id=1560782
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f
- https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
- https://usn.ubuntu.com/3676-1/
- https://usn.ubuntu.com/3676-2/
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-3/
- https://usn.ubuntu.com/3754-1/
- https://www.debian.org/security/2018/dsa-4188
Modified: 2024-11-21
CVE-2018-10940
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
- http://www.securityfocus.com/bid/104154
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:3096
- https://github.com/torvalds/linux/commit/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
- https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://usn.ubuntu.com/3676-1/
- https://usn.ubuntu.com/3676-2/
- https://usn.ubuntu.com/3695-1/
- https://usn.ubuntu.com/3695-2/
- https://usn.ubuntu.com/3754-1/
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
- http://www.securityfocus.com/bid/104154
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:3096
- https://github.com/torvalds/linux/commit/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
- https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://usn.ubuntu.com/3676-1/
- https://usn.ubuntu.com/3676-2/
- https://usn.ubuntu.com/3695-1/
- https://usn.ubuntu.com/3695-2/
- https://usn.ubuntu.com/3754-1/
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6
Modified: 2024-11-21
CVE-2018-1108
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
- http://www.securityfocus.com/bid/104055
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1108
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
- https://usn.ubuntu.com/3718-1/
- https://usn.ubuntu.com/3718-2/
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-3/
- https://www.debian.org/security/2018/dsa-4188
- http://www.securityfocus.com/bid/104055
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1108
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
- https://usn.ubuntu.com/3718-1/
- https://usn.ubuntu.com/3718-2/
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-3/
- https://www.debian.org/security/2018/dsa-4188
Modified: 2024-11-21
CVE-2018-21008
An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c.
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.7
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abd39c6ded9db53aa44c2540092bdd5fb6590fa8
- https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://security.netapp.com/advisory/ntap-20191004-0001/
- https://usn.ubuntu.com/4162-1/
- https://usn.ubuntu.com/4162-2/
- https://usn.ubuntu.com/4163-1/
- https://usn.ubuntu.com/4163-2/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.7
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abd39c6ded9db53aa44c2540092bdd5fb6590fa8
- https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://security.netapp.com/advisory/ntap-20191004-0001/
- https://usn.ubuntu.com/4162-1/
- https://usn.ubuntu.com/4162-2/
- https://usn.ubuntu.com/4163-1/
- https://usn.ubuntu.com/4163-2/
Package kernel-image-std-def updated to version 4.9.98-alt1 for branch sisyphus in task 205621.
Closed vulnerabilities
BDU:2018-00715
Уязвимость функции ext4_valid_block_bitmap ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2018-1093
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.
- http://openwall.com/lists/oss-security/2018/03/29/1
- https://bugzilla.kernel.org/show_bug.cgi?id=199181
- https://bugzilla.redhat.com/show_bug.cgi?id=1560782
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f
- https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
- https://usn.ubuntu.com/3676-1/
- https://usn.ubuntu.com/3676-2/
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-3/
- https://usn.ubuntu.com/3754-1/
- https://www.debian.org/security/2018/dsa-4188
- http://openwall.com/lists/oss-security/2018/03/29/1
- https://bugzilla.kernel.org/show_bug.cgi?id=199181
- https://bugzilla.redhat.com/show_bug.cgi?id=1560782
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f
- https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
- https://usn.ubuntu.com/3676-1/
- https://usn.ubuntu.com/3676-2/
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-3/
- https://usn.ubuntu.com/3754-1/
- https://www.debian.org/security/2018/dsa-4188
Modified: 2024-11-21
CVE-2018-1108
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
- http://www.securityfocus.com/bid/104055
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1108
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
- https://usn.ubuntu.com/3718-1/
- https://usn.ubuntu.com/3718-2/
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-3/
- https://www.debian.org/security/2018/dsa-4188
- http://www.securityfocus.com/bid/104055
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1108
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
- https://usn.ubuntu.com/3718-1/
- https://usn.ubuntu.com/3718-2/
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-3/
- https://www.debian.org/security/2018/dsa-4188
Package kernel-image-std-pae updated to version 4.4.131-alt1 for branch sisyphus in task 205624.
Closed vulnerabilities
BDU:2018-00715
Уязвимость функции ext4_valid_block_bitmap ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2018-1093
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.
- http://openwall.com/lists/oss-security/2018/03/29/1
- https://bugzilla.kernel.org/show_bug.cgi?id=199181
- https://bugzilla.redhat.com/show_bug.cgi?id=1560782
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f
- https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
- https://usn.ubuntu.com/3676-1/
- https://usn.ubuntu.com/3676-2/
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-3/
- https://usn.ubuntu.com/3754-1/
- https://www.debian.org/security/2018/dsa-4188
- http://openwall.com/lists/oss-security/2018/03/29/1
- https://bugzilla.kernel.org/show_bug.cgi?id=199181
- https://bugzilla.redhat.com/show_bug.cgi?id=1560782
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f
- https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
- https://usn.ubuntu.com/3676-1/
- https://usn.ubuntu.com/3676-2/
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-3/
- https://usn.ubuntu.com/3754-1/
- https://www.debian.org/security/2018/dsa-4188
Closed bugs
Нет списков файлов в диалоге открытия/сохранения