ALT Linux Team

Branch p8 update on 2018-07-24

2018-07-24

ALT-BU-2018-3365-1

Branch p8 update bulletin.

ALT-PU-2018-2043-1

Package kernel-image-std-def updated to version 4.9.113-alt0.M80P.1 for branch p8 in task 210383.

Closed vulnerabilities

Published: 2018-07-06

BDU:2019-00979

Уязвимость файла drivers/usb/misc/yurex.c ядра операционной системы Linux, позволяющая нарушителю вызвать сбой в работе ядра операционной системы или повысить привилегии

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2018-08-31
Modified: 2024-11-21

CVE-2018-16276

An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2018-2052-1

Package transmission updated to version 2.94-alt2.M80P.1 for branch p8 in task 210244.

Closed vulnerabilities

Published: 2018-01-15
Modified: 2024-11-21

CVE-2018-5702

Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top