ALT Linux Team

Branch p8 update on 2018-05-08

2018-05-08

ALT-BU-2018-3236-1

Branch p8 update bulletin.

ALT-PU-2018-1664-1

Package kernel-image-std-def updated to version 4.9.98-alt0.M80P.1 for branch p8 in task 205625.

Closed vulnerabilities

Published: 2018-03-26

BDU:2018-00715

Уязвимость функции ext4_valid_block_bitmap ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
Published: 2018-04-02
Modified: 2024-11-21

CVE-2018-1093

The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2018-05-21
Modified: 2024-11-21

CVE-2018-1108

kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top