ALT Linux Team

Branch sisyphus update on 2018-12-25

2018-12-25

ALT-BU-2018-3662-1

Branch sisyphus update bulletin.

ALT-PU-2018-2956-1

Package kernel-image-mp updated to version 4.19.12-alt1 for branch sisyphus in task 218513.

Closed vulnerabilities

Published: 2019-04-17
Modified: 2024-06-03

BDU:2019-01409

Уязвимость функции hso_get_config_data ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.6) Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N
References:
Published: 2019-07-04
Modified: 2024-05-28

BDU:2019-02380

Уязвимость функции __usb_get_extra_descriptor подсистемы USB ядра операционных систем Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации

Severity: MEDIUM (6.8) Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2019-03-21
Modified: 2024-11-21

CVE-2018-19985

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2018-12-17
Modified: 2024-11-21

CVE-2018-20169

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: MEDIUM (6.8) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2018-2957-1

Package libraw updated to version 0.19.2-alt1 for branch sisyphus in task 218543.

Closed vulnerabilities

Published: 2019-06-18
Modified: 2023-11-21

BDU:2019-02106

Уязвимость функции parse_makernote библиотеки для обработки изображений LibRaw, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2022-10-03
Modified: 2023-11-21

BDU:2022-06040

Уязвимость функции LibRaw::copy_bayer компонента libraw_cxx.cpp библиотеки для обработки изображений LibRaw, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
References:
Published: 2018-12-21
Modified: 2024-11-21

CVE-2018-20337

There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2018-12-22
Modified: 2024-11-21

CVE-2018-20363

LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2018-12-22
Modified: 2024-11-21

CVE-2018-20364

LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2018-12-22
Modified: 2024-11-21

CVE-2018-20365

LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top