ALT Linux Team

Branch c7.1 update on 2018-11-28

2018-11-28

ALT-BU-2018-3604-1

Branch c7.1 update bulletin.

ALT-PU-2018-2696-1

Package kernel-image-un-def updated to version 4.9.138-alt0.M70C.1 for branch c7.1 in task 216734.

Closed vulnerabilities

Published: 2018-04-26

BDU:2019-01343

Уязвимость функции cdrom_ioctl_drive_status() операционных систем Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.1) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Severity: LOW (3.6) Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
References:
Published: 2018-05-09
Modified: 2024-11-21

CVE-2018-10940

The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.

Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2018-09-07
Modified: 2024-11-21

CVE-2018-16658

An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940.

Severity: LOW (3.6) Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top