ALT-BU-2019-3624-1
Branch sisyphus update bulletin.
Package kernel-image-un-def updated to version 5.0.9-alt1 for branch sisyphus in task 227938.
Closed vulnerabilities
BDU:2023-02534
Vulnerability in the pde_subdir_find() function in the fs/proc/generic.c module of the Linux kernel that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2019-15292
An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.9
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6377f787aeb945cae7abbb6474798de129e1f3ac
- https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
- https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
- https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://support.f5.com/csp/article/K27112954
- https://support.f5.com/csp/article/K27112954?utm_source=f5support&%3Butm_medium=RSS
- https://usn.ubuntu.com/4115-1/
- https://usn.ubuntu.com/4118-1/
Modified: 2024-11-21
CVE-2019-15922
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.9
- https://github.com/torvalds/linux/commit/58ccd2d31e502c37e108b285bf3d343eb00c235b
- https://security.netapp.com/advisory/ntap-20191004-0001/
Modified: 2024-11-21
CVE-2019-15923
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.9
- https://github.com/torvalds/linux/commit/f0d1762554014ce0ae347b9f0d088f2c157c8c72
- https://security.netapp.com/advisory/ntap-20191004-0001/
Closed vulnerabilities
BDU:2021-01498
Vulnerability in the unicode_to_ansi_copy() function in the DriverManager/__info.c file of the unixODBC ODBC library for UNIX that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Modified: 2024-11-21
CVE-2018-7409
In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c.
- http://www.unixodbc.org/unixODBC-2.3.5.tar.gz
- https://access.redhat.com/errata/RHSA-2019:2336
- https://sourceforge.net/projects/unixodbc/files/unixODBC/2.3.5/ChangeLog/download
Closed bugs
unixODBC build is broken
Package gnome-desktop3 updated to version 3.32.1.1-alt1 for branch sisyphus in task 228053.
Closed vulnerabilities
BDU:2020-01690
Vulnerability in the TIFFReadRGBAImageOriented function of the Evince document viewer that allows an attacker to gain unauthorized access to information
Modified: 2024-11-21
CVE-2019-11459
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html
- https://access.redhat.com/errata/RHSA-2019:3553
- https://gitlab.gnome.org/GNOME/evince/issues/1129
- https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html
- https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ6R7NMY44IHIQIY24CV3WV2GLGJPQPZ/
- https://seclists.org/bugtraq/2020/Feb/18
- https://usn.ubuntu.com/3959-1/
- https://www.debian.org/security/2020/dsa-4624
Closed vulnerabilities
BDU:2021-05259
Vulnerability in the memmove() function of the LZ4 lossless data compression algorithm, related to an operation exceeding the bounds of a data buffer, that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Modified: 2024-11-21
CVE-2021-3520
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
- https://bugzilla.redhat.com/show_bug.cgi?id=1954559
- https://security.netapp.com/advisory/ntap-20211104-0005/
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html