ALT-BU-2018-3526-1
Branch c8.1 update bulletin.
Package kernel-image-std-def updated to version 4.9.133-alt0.M80C.1 for branch c8.1 in task 215004.
Closed vulnerabilities
BDU:2019-01057
Уязвимость функции ext4_xattr_set_entry() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-01058
Уязвимость функции ext4_update_inline_data() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-03459
Уязвимость функции fd_locked_ioctl ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2020-00735
Уязвимость функции xenvif_set_hash_mapping гипервизора Xen, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность
Modified: 2024-11-21
CVE-2018-10879
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
- http://patchwork.ozlabs.org/patch/928666/
- http://patchwork.ozlabs.org/patch/928666/
- http://patchwork.ozlabs.org/patch/928667/
- http://patchwork.ozlabs.org/patch/928667/
- 104902
- 104902
- RHSA-2018:2948
- RHSA-2018:2948
- RHSA-2018:3083
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2018:3096
- https://bugzilla.kernel.org/show_bug.cgi?id=200001
- https://bugzilla.kernel.org/show_bug.cgi?id=200001
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3753-1
- USN-3753-1
- USN-3753-2
- USN-3753-2
- USN-3871-1
- USN-3871-1
- USN-3871-3
- USN-3871-3
- USN-3871-4
- USN-3871-4
- USN-3871-5
- USN-3871-5
Modified: 2024-11-21
CVE-2018-10880
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
- http://patchwork.ozlabs.org/patch/930639/
- http://patchwork.ozlabs.org/patch/930639/
- 104907
- 104907
- 106503
- 106503
- RHSA-2018:2948
- RHSA-2018:2948
- https://bugzilla.kernel.org/show_bug.cgi?id=200005
- https://bugzilla.kernel.org/show_bug.cgi?id=200005
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3821-1
- USN-3821-1
- USN-3821-2
- USN-3821-2
- USN-3871-1
- USN-3871-1
- USN-3871-3
- USN-3871-3
- USN-3871-4
- USN-3871-4
- USN-3871-5
- USN-3871-5
Modified: 2024-11-21
CVE-2018-15471
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks.
- http://xenbits.xen.org/xsa/advisory-270.html
- http://xenbits.xen.org/xsa/advisory-270.html
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1607
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1607
- [debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
- [debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
- USN-3819-1
- USN-3819-1
- USN-3820-1
- USN-3820-1
- USN-3820-2
- USN-3820-2
- USN-3820-3
- USN-3820-3
- DSA-4313
- DSA-4313
Modified: 2024-11-21
CVE-2018-7755
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.
- RHSA-2019:2029
- RHSA-2019:2029
- RHSA-2019:2043
- RHSA-2019:2043
- [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
- [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
- https://lkml.org/lkml/2018/3/7/1116
- https://lkml.org/lkml/2018/3/7/1116
- USN-3695-1
- USN-3695-1
- USN-3695-2
- USN-3695-2
- USN-3696-1
- USN-3696-1
- USN-3696-2
- USN-3696-2
- USN-3697-1
- USN-3697-1
- USN-3697-2
- USN-3697-2
- USN-3698-1
- USN-3698-1
- USN-3698-2
- USN-3698-2
- DSA-4308
- DSA-4308
Closed vulnerabilities
BDU:2018-01221
Уязвимость механизма аутентификации серверной части библиотеки libssh, позволяющая нарушителю обойти процедуру аутентификации
Modified: 2024-11-21
CVE-2018-10933
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
- 105677
- 105677
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933
- [debian-lts-announce] 20181018 [SECURITY] [DLA 1548-1] libssh security update
- [debian-lts-announce] 20181018 [SECURITY] [DLA 1548-1] libssh security update
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016
- https://security.netapp.com/advisory/ntap-20190118-0002/
- https://security.netapp.com/advisory/ntap-20190118-0002/
- USN-3795-1
- USN-3795-1
- USN-3795-2
- USN-3795-2
- DSA-4322
- DSA-4322
- 45638
- 45638
- https://www.libssh.org/security/advisories/CVE-2018-10933.txt
- https://www.libssh.org/security/advisories/CVE-2018-10933.txt
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html