ALT-BU-2019-3519-1
Branch p8 update bulletin.
Package kernel-image-std-def updated to version 4.9.160-alt0.M80P.1 for branch p8 in task 222834.
Closed vulnerabilities
BDU:2019-01346
Уязвимость функции kvm_ioctl_create_device ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-01352
Уязвимость подсистемы виртуализации Kernel-based Virtual Machine (KVM) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2019-02782
Уязвимость функции hid_debug_events_read () ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-03996
Уязвимость ядра операционной системы Linux, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию
Modified: 2024-11-21
CVE-2018-1000026
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..
- [netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40
- [netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40
- [netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96
- [netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96
- RHSA-2018:2948
- RHSA-2018:2948
- RHSA-2018:3083
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2018:3096
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- https://patchwork.ozlabs.org/patch/859410/
- https://patchwork.ozlabs.org/patch/859410/
- USN-3617-1
- USN-3617-1
- USN-3617-2
- USN-3617-2
- USN-3617-3
- USN-3617-3
- USN-3619-1
- USN-3619-1
- USN-3619-2
- USN-3619-2
- USN-3620-1
- USN-3620-1
- USN-3620-2
- USN-3620-2
- USN-3632-1
- USN-3632-1
Modified: 2024-11-21
CVE-2019-3819
A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.
- openSUSE-SU-2019:1193
- openSUSE-SU-2019:1193
- 106730
- 106730
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- USN-3932-1
- USN-3932-1
- USN-3932-2
- USN-3932-2
- USN-4115-1
- USN-4115-1
- USN-4118-1
- USN-4118-1
Modified: 2024-11-21
CVE-2019-6974
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9
- 107127
- RHBA-2019:0959
- RHSA-2019:0818
- RHSA-2019:0833
- RHSA-2019:2809
- RHSA-2019:3967
- RHSA-2020:0103
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1765
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156
- https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- https://support.f5.com/csp/article/K11186236
- https://support.f5.com/csp/article/K11186236?utm_source=f5support&%3Butm_medium=RSS
- USN-3930-1
- USN-3930-2
- USN-3931-1
- USN-3931-2
- USN-3932-1
- USN-3932-2
- USN-3933-1
- USN-3933-2
- 46388
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9
- 46388
- USN-3933-2
- USN-3933-1
- USN-3932-2
- USN-3932-1
- USN-3931-2
- USN-3931-1
- USN-3930-2
- USN-3930-1
- https://support.f5.com/csp/article/K11186236?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K11186236
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1765
- RHSA-2020:0103
- RHSA-2019:3967
- RHSA-2019:2809
- RHSA-2019:0833
- RHSA-2019:0818
- RHBA-2019:0959
- 107127
Modified: 2024-11-21
CVE-2019-7221
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
- SUSE-SA-2019:0203-1
- http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html
- http://www.openwall.com/lists/oss-security/2019/02/18/2
- RHBA-2019:0959
- RHSA-2019:0818
- RHSA-2019:0833
- RHSA-2019:3967
- RHSA-2019:4058
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1760
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f
- https://github.com/torvalds/linux/commits/master/arch/x86/kvm
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- FEDORA-2019-164946aa7f
- FEDORA-2019-3da64f3e61
- https://security.netapp.com/advisory/ntap-20190404-0002/
- https://support.f5.com/csp/article/K08413011
- USN-3930-1
- USN-3930-2
- USN-3931-1
- USN-3931-2
- USN-3932-1
- USN-3932-2
- SUSE-SA-2019:0203-1
- USN-3932-2
- USN-3932-1
- USN-3931-2
- USN-3931-1
- USN-3930-2
- USN-3930-1
- https://support.f5.com/csp/article/K08413011
- https://security.netapp.com/advisory/ntap-20190404-0002/
- FEDORA-2019-3da64f3e61
- FEDORA-2019-164946aa7f
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- https://github.com/torvalds/linux/commits/master/arch/x86/kvm
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1760
- RHSA-2019:4058
- RHSA-2019:3967
- RHSA-2019:0833
- RHSA-2019:0818
- RHBA-2019:0959
- http://www.openwall.com/lists/oss-security/2019/02/18/2
- http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html
Modified: 2024-11-21
CVE-2019-7222
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
- SUSE-SA-2019:0203-1
- http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html
- [oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)
- 106963
- RHSA-2019:2029
- RHSA-2019:2043
- RHSA-2019:3309
- RHSA-2019:3517
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1759
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a
- https://github.com/torvalds/linux/commits/master/arch/x86/kvm
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- FEDORA-2019-164946aa7f
- FEDORA-2019-3da64f3e61
- https://security.netapp.com/advisory/ntap-20190404-0002/
- USN-3930-1
- USN-3930-2
- USN-3931-1
- USN-3931-2
- USN-3932-1
- USN-3932-2
- USN-3933-1
- USN-3933-2
- SUSE-SA-2019:0203-1
- USN-3933-2
- USN-3933-1
- USN-3932-2
- USN-3932-1
- USN-3931-2
- USN-3931-1
- USN-3930-2
- USN-3930-1
- https://security.netapp.com/advisory/ntap-20190404-0002/
- FEDORA-2019-3da64f3e61
- FEDORA-2019-164946aa7f
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- https://github.com/torvalds/linux/commits/master/arch/x86/kvm
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1759
- RHSA-2019:3517
- RHSA-2019:3309
- RHSA-2019:2043
- RHSA-2019:2029
- 106963
- [oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)
- http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html
Package kernel-image-ovz-el updated to version 2.6.32-alt165.M80P.1 for branch p8 in task 221393.
Closed vulnerabilities
BDU:2017-01200
Уязвимость функции inet_csk_clone_lock службы net/ipv4/inet_connection_sock.c операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01414
Уязвимость функции tcp_v6_syn_recv_sock службы net/ipv6/tcp_ipv6.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
BDU:2017-01415
Уязвимость функции dccp_v6_request_recv_sock службы net/dccp/ipv6.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
BDU:2017-01416
Уязвимость функции sctp_v6_create_accept_sk службы net/sctp/ipv6.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
BDU:2017-01417
Уязвимость реализации фрагментации пакетов IPv6 в ядре операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
BDU:2017-01479
Уязвимость в реализации механизма Stack Guard-Page ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2017-1000364
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).
- DSA-3886
- DSA-3886
- 99130
- 99130
- 1038724
- 1038724
- RHSA-2017:1482
- RHSA-2017:1482
- RHSA-2017:1483
- RHSA-2017:1483
- RHSA-2017:1484
- RHSA-2017:1484
- RHSA-2017:1485
- RHSA-2017:1485
- RHSA-2017:1486
- RHSA-2017:1486
- RHSA-2017:1487
- RHSA-2017:1487
- RHSA-2017:1488
- RHSA-2017:1488
- RHSA-2017:1489
- RHSA-2017:1489
- RHSA-2017:1490
- RHSA-2017:1490
- RHSA-2017:1491
- RHSA-2017:1491
- RHSA-2017:1567
- RHSA-2017:1567
- RHSA-2017:1616
- RHSA-2017:1616
- RHSA-2017:1647
- RHSA-2017:1647
- RHSA-2017:1712
- RHSA-2017:1712
- https://access.redhat.com/security/cve/CVE-2017-1000364
- https://access.redhat.com/security/cve/CVE-2017-1000364
- https://kc.mcafee.com/corporate/index?page=content&id=SB10205
- https://kc.mcafee.com/corporate/index?page=content&id=SB10205
- https://kc.mcafee.com/corporate/index?page=content&id=SB10207
- https://kc.mcafee.com/corporate/index?page=content&id=SB10207
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03800en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03800en_us
- 45625
- 45625
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
- https://www.suse.com/security/cve/CVE-2017-1000364/
- https://www.suse.com/security/cve/CVE-2017-1000364/
- https://www.suse.com/support/kb/doc/?id=7020973
- https://www.suse.com/support/kb/doc/?id=7020973
Modified: 2024-11-21
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a
- DSA-3886
- DSA-3886
- 98562
- 98562
- RHSA-2017:1842
- RHSA-2017:1842
- RHSA-2017:2077
- RHSA-2017:2077
- RHSA-2017:2669
- RHSA-2017:2669
- RHSA-2018:1854
- RHSA-2018:1854
- https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a
- https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a
- https://source.android.com/security/bulletin/2017-09-01
- https://source.android.com/security/bulletin/2017-09-01
Modified: 2024-11-21
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2423496af35d94a87156b063ea5cedffc10a70a1
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2423496af35d94a87156b063ea5cedffc10a70a1
- DSA-3886
- DSA-3886
- 98577
- 98577
- RHSA-2017:1842
- RHSA-2017:1842
- RHSA-2017:2077
- RHSA-2017:2077
- RHSA-2017:2669
- RHSA-2017:2669
- RHSA-2018:0169
- RHSA-2018:0169
- https://github.com/torvalds/linux/commit/2423496af35d94a87156b063ea5cedffc10a70a1
- https://github.com/torvalds/linux/commit/2423496af35d94a87156b063ea5cedffc10a70a1
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://patchwork.ozlabs.org/patch/763117/
- https://patchwork.ozlabs.org/patch/763117/
Modified: 2024-11-21
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
- DSA-3886
- DSA-3886
- 98597
- 98597
- RHSA-2017:1842
- RHSA-2017:1842
- RHSA-2017:2077
- RHSA-2017:2077
- RHSA-2017:2669
- RHSA-2017:2669
- RHSA-2018:1854
- RHSA-2018:1854
- https://github.com/torvalds/linux/commit/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
- https://github.com/torvalds/linux/commit/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
- https://patchwork.ozlabs.org/patch/763569/
- https://patchwork.ozlabs.org/patch/763569/
- https://source.android.com/security/bulletin/2017-10-01
- https://source.android.com/security/bulletin/2017-10-01
Modified: 2024-11-21
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52
- DSA-3886
- DSA-3886
- 98586
- 98586
- RHSA-2017:1842
- RHSA-2017:1842
- RHSA-2017:2077
- RHSA-2017:2077
- RHSA-2017:2669
- RHSA-2017:2669
- RHSA-2018:1854
- RHSA-2018:1854
- https://github.com/torvalds/linux/commit/83eaddab4378db256d00d295bda6ca997cd13a52
- https://github.com/torvalds/linux/commit/83eaddab4378db256d00d295bda6ca997cd13a52
- https://patchwork.ozlabs.org/patch/760370/
- https://patchwork.ozlabs.org/patch/760370/
- https://source.android.com/security/bulletin/2017-09-01
- https://source.android.com/security/bulletin/2017-09-01
Modified: 2024-11-21
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52
- DSA-3886
- DSA-3886
- 98583
- 98583
- RHSA-2017:1842
- RHSA-2017:1842
- RHSA-2017:2077
- RHSA-2017:2077
- RHSA-2017:2669
- RHSA-2017:2669
- RHSA-2018:1854
- RHSA-2018:1854
- https://github.com/torvalds/linux/commit/83eaddab4378db256d00d295bda6ca997cd13a52
- https://github.com/torvalds/linux/commit/83eaddab4378db256d00d295bda6ca997cd13a52
- https://patchwork.ozlabs.org/patch/760370/
- https://patchwork.ozlabs.org/patch/760370/
- https://source.android.com/security/bulletin/2017-11-01
- https://source.android.com/security/bulletin/2017-11-01
Closed bugs
Incompatible with current ovz-el kernel
Обновить до 042stab130.1 (CVE-2018-3639)