ALT-BU-2019-3505-1
Branch p8 update bulletin.
Closed vulnerabilities
BDU:2019-01413
Уязвимость функции bus_process_object() подсистемы инициализации операционных систем Linux Systemd, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2019-6454
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
- SUSE-SA:2019:0255-1
- openSUSE-SU-2019:1450
- [oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message
- [oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message
- [oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)
- 107081
- RHSA-2019:0368
- RHSA-2019:0990
- RHSA-2019:1322
- RHSA-2019:1502
- RHSA-2019:2805
- https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c
- https://kc.mcafee.com/corporate/index?page=content&id=SB10278
- [SECURITY] [DLA 1684-1] 20190219 systemd security update
- FEDORA-2019-8434288a24
- https://security.netapp.com/advisory/ntap-20190327-0004/
- USN-3891-1
- DSA-4393-1
- SUSE-SA:2019:0255-1
- DSA-4393-1
- USN-3891-1
- https://security.netapp.com/advisory/ntap-20190327-0004/
- FEDORA-2019-8434288a24
- [SECURITY] [DLA 1684-1] 20190219 systemd security update
- https://kc.mcafee.com/corporate/index?page=content&id=SB10278
- https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c
- RHSA-2019:2805
- RHSA-2019:1502
- RHSA-2019:1322
- RHSA-2019:0990
- RHSA-2019:0368
- 107081
- [oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)
- [oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message
- [oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message
- openSUSE-SU-2019:1450
Package kernel-image-std-debug updated to version 4.9.159-alt0.M80P.1 for branch p8 in task 222385.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-1000026
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..
- [netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40
- [netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40
- [netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96
- [netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96
- RHSA-2018:2948
- RHSA-2018:2948
- RHSA-2018:3083
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2018:3096
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- https://patchwork.ozlabs.org/patch/859410/
- https://patchwork.ozlabs.org/patch/859410/
- USN-3617-1
- USN-3617-1
- USN-3617-2
- USN-3617-2
- USN-3617-3
- USN-3617-3
- USN-3619-1
- USN-3619-1
- USN-3619-2
- USN-3619-2
- USN-3620-1
- USN-3620-1
- USN-3620-2
- USN-3620-2
- USN-3632-1
- USN-3632-1