ALT-BU-2018-3350-1
Branch sisyphus update bulletin.
Package kernel-image-un-def updated to version 4.17.6-alt1 for branch sisyphus in task 209817.
Closed vulnerabilities
BDU:2019-01054
Уязвимость функции ext4_ext_remove_space() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2019-01055
Уязвимость функции ext4_ext_drop_refs() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2019-01056
Уязвимость функции ext4_init_block_bitmap() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-01057
Уязвимость функции ext4_xattr_set_entry() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-01058
Уязвимость функции ext4_update_inline_data() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-01059
Уязвимость в файле transaction.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
BDU:2019-01060
Уязвимость функции jbd2_journal_dirty_metadata() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2018-10876
A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.
- http://patchwork.ozlabs.org/patch/929239/
- http://patchwork.ozlabs.org/patch/929239/
- 104904
- 104904
- 106503
- 106503
- RHSA-2019:0525
- RHSA-2019:0525
- https://bugzilla.kernel.org/show_bug.cgi?id=199403
- https://bugzilla.kernel.org/show_bug.cgi?id=199403
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10876
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10876
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8844618d8aa7a9973e7b527d038a2a589665002c
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8844618d8aa7a9973e7b527d038a2a589665002c
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3753-1
- USN-3753-1
- USN-3753-2
- USN-3753-2
- USN-3871-1
- USN-3871-1
- USN-3871-3
- USN-3871-3
- USN-3871-4
- USN-3871-4
- USN-3871-5
- USN-3871-5
Modified: 2024-11-21
CVE-2018-10877
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
- 104878
- 104878
- 106503
- 106503
- RHSA-2018:2948
- RHSA-2018:2948
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3753-1
- USN-3753-1
- USN-3753-2
- USN-3753-2
- USN-3754-1
- USN-3754-1
- USN-3871-1
- USN-3871-1
- USN-3871-3
- USN-3871-3
- USN-3871-4
- USN-3871-4
- USN-3871-5
- USN-3871-5
Modified: 2024-11-21
CVE-2018-10878
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.
- http://patchwork.ozlabs.org/patch/929237/
- http://patchwork.ozlabs.org/patch/929237/
- http://patchwork.ozlabs.org/patch/929238/
- http://patchwork.ozlabs.org/patch/929238/
- RHSA-2018:2948
- RHSA-2018:2948
- RHSA-2018:3083
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2018:3096
- https://bugzilla.kernel.org/show_bug.cgi?id=199865
- https://bugzilla.kernel.org/show_bug.cgi?id=199865
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10878
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10878
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77260807d1170a8cf35dbb06e07461a655f67eee
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77260807d1170a8cf35dbb06e07461a655f67eee
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=819b23f1c501b17b9694325471789e6b5cc2d0d2
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=819b23f1c501b17b9694325471789e6b5cc2d0d2
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3753-1
- USN-3753-1
- USN-3753-2
- USN-3753-2
- USN-3871-1
- USN-3871-1
- USN-3871-3
- USN-3871-3
- USN-3871-4
- USN-3871-4
- USN-3871-5
- USN-3871-5
Modified: 2024-11-21
CVE-2018-10879
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
- http://patchwork.ozlabs.org/patch/928666/
- http://patchwork.ozlabs.org/patch/928666/
- http://patchwork.ozlabs.org/patch/928667/
- http://patchwork.ozlabs.org/patch/928667/
- 104902
- 104902
- RHSA-2018:2948
- RHSA-2018:2948
- RHSA-2018:3083
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2018:3096
- https://bugzilla.kernel.org/show_bug.cgi?id=200001
- https://bugzilla.kernel.org/show_bug.cgi?id=200001
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3753-1
- USN-3753-1
- USN-3753-2
- USN-3753-2
- USN-3871-1
- USN-3871-1
- USN-3871-3
- USN-3871-3
- USN-3871-4
- USN-3871-4
- USN-3871-5
- USN-3871-5
Modified: 2024-11-21
CVE-2018-10880
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
- http://patchwork.ozlabs.org/patch/930639/
- http://patchwork.ozlabs.org/patch/930639/
- 104907
- 104907
- 106503
- 106503
- RHSA-2018:2948
- RHSA-2018:2948
- https://bugzilla.kernel.org/show_bug.cgi?id=200005
- https://bugzilla.kernel.org/show_bug.cgi?id=200005
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3821-1
- USN-3821-1
- USN-3821-2
- USN-3821-2
- USN-3871-1
- USN-3871-1
- USN-3871-3
- USN-3871-3
- USN-3871-4
- USN-3871-4
- USN-3871-5
- USN-3871-5
Modified: 2024-11-21
CVE-2018-10881
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
- http://patchwork.ozlabs.org/patch/929792/
- http://patchwork.ozlabs.org/patch/929792/
- 104901
- 104901
- RHSA-2018:2948
- RHSA-2018:2948
- RHSA-2018:3083
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2018:3096
- https://bugzilla.kernel.org/show_bug.cgi?id=200015
- https://bugzilla.kernel.org/show_bug.cgi?id=200015
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3752-1
- USN-3752-1
- USN-3752-2
- USN-3752-2
- USN-3752-3
- USN-3752-3
- USN-3753-1
- USN-3753-1
- USN-3753-2
- USN-3753-2
- USN-3754-1
- USN-3754-1
Modified: 2024-11-21
CVE-2018-10882
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.
- 106503
- 106503
- RHSA-2018:2948
- RHSA-2018:2948
- https://bugzilla.kernel.org/show_bug.cgi?id=200069
- https://bugzilla.kernel.org/show_bug.cgi?id=200069
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10882
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10882
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c37e9e013469521d9adb932d17a1795c139b36db
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c37e9e013469521d9adb932d17a1795c139b36db
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3753-1
- USN-3753-1
- USN-3753-2
- USN-3753-2
- USN-3871-1
- USN-3871-1
- USN-3871-3
- USN-3871-3
- USN-3871-4
- USN-3871-4
- USN-3871-5
- USN-3871-5
Modified: 2024-11-21
CVE-2018-10883
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
- RHSA-2018:2948
- RHSA-2018:2948
- RHSA-2018:3083
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2018:3096
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10883
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10883
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8bc1379b82b8e809eef77a9fedbb75c6c297be19
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8bc1379b82b8e809eef77a9fedbb75c6c297be19
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e09463f220ca9a1a1ecfda84fcda658f99a1f12a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e09463f220ca9a1a1ecfda84fcda658f99a1f12a
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- https://support.f5.com/csp/article/K94735334?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K94735334?utm_source=f5support&%3Butm_medium=RSS
- USN-3871-1
- USN-3871-1
- USN-3871-3
- USN-3871-3
- USN-3871-4
- USN-3871-4
- USN-3871-5
- USN-3871-5
- USN-3879-1
- USN-3879-1
- USN-3879-2
- USN-3879-2
Package alterator-net-domain updated to version 0.7.0-alt7 for branch sisyphus in task 209659.
Closed bugs
неверные параметры в slapd.conf при конфигурации LDAP/Kerberos "домена"
Package glusterfs3 updated to version 3.12.12-alt1 for branch sisyphus in task 209920.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-10841
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.
- RHSA-2018:1954
- RHSA-2018:1954
- RHSA-2018:1955
- RHSA-2018:1955
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841
- [debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update
- [debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update
- https://review.gluster.org/#/c/20328/
- https://review.gluster.org/#/c/20328/
- GLSA-201904-06
- GLSA-201904-06
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-11164
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
- http://openwall.com/lists/oss-security/2017/07/11/3
- http://openwall.com/lists/oss-security/2017/07/11/3
- [oss-security] 20230411 CVE-2017-11164 - stack exhaustion in PCRE
- [oss-security] 20230411 CVE-2017-11164 - stack exhaustion in PCRE
- [oss-security] 20230412 Re: CVE-2017-11164 - stack exhaustion in PCRE
- [oss-security] 20230412 Re: CVE-2017-11164 - stack exhaustion in PCRE
- 99575
- 99575
- [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
- [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
Modified: 2024-11-21
CVE-2017-16231
In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used
- http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html
- http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2018/Dec/33
- http://seclists.org/fulldisclosure/2018/Dec/33
- http://www.openwall.com/lists/oss-security/2017/11/01/11
- http://www.openwall.com/lists/oss-security/2017/11/01/11
- http://www.openwall.com/lists/oss-security/2017/11/01/3
- http://www.openwall.com/lists/oss-security/2017/11/01/3
- http://www.openwall.com/lists/oss-security/2017/11/01/7
- http://www.openwall.com/lists/oss-security/2017/11/01/7
- http://www.openwall.com/lists/oss-security/2017/11/01/8
- http://www.openwall.com/lists/oss-security/2017/11/01/8
- http://www.securityfocus.com/bid/101688
- http://www.securityfocus.com/bid/101688
- https://bugs.exim.org/show_bug.cgi?id=2047
- https://bugs.exim.org/show_bug.cgi?id=2047
Closed vulnerabilities
BDU:2021-02474
Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-02623
Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-2174
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
- FEDORA-2021-01189f6361
- FEDORA-2021-01189f6361
- FEDORA-2021-b8b7829a83
- FEDORA-2021-b8b7829a83
- FEDORA-2021-5b6c69a73a
- FEDORA-2021-5b6c69a73a
- https://security.netapp.com/advisory/ntap-20210513-0002/
- https://security.netapp.com/advisory/ntap-20210513-0002/
- https://www.oracle.com/security-alerts/cpuapr2021.html
- https://www.oracle.com/security-alerts/cpuapr2021.html
Modified: 2024-11-21
CVE-2021-2180
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- FEDORA-2021-01189f6361
- FEDORA-2021-01189f6361
- FEDORA-2021-b8b7829a83
- FEDORA-2021-b8b7829a83
- FEDORA-2021-5b6c69a73a
- FEDORA-2021-5b6c69a73a
- GLSA-202105-27
- GLSA-202105-27
- GLSA-202105-28
- GLSA-202105-28
- https://security.netapp.com/advisory/ntap-20210513-0002/
- https://security.netapp.com/advisory/ntap-20210513-0002/
- https://www.oracle.com/security-alerts/cpuapr2021.html
- https://www.oracle.com/security-alerts/cpuapr2021.html