ALT-BU-2019-3650-11
Branch sisyphus update bulletin.
Package kernel-image-std-debug updated to version 4.19.42-alt1 for branch sisyphus in task 229194.
Closed vulnerabilities
Modified: 2023-02-13
CVE-2011-1079
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.
- https://github.com/torvalds/linux/commit/43629f8f5ea32a998d06d1bb41eefa0e821ff573
- [oss-security] 20110301 Re: CVE request: kernel: two bluetooth and one ebtables infoleaks/DoSes
- https://bugzilla.redhat.com/show_bug.cgi?id=681260
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
- RHSA-2011:0833
- http://downloads.avaya.com/css/P8/documents/100145416
- http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=43629f8f5ea32a998d06d1bb41eefa0e821ff573
Package kernel-image-std-pae updated to version 4.19.42-alt1 for branch sisyphus in task 229196.
Closed vulnerabilities
Modified: 2023-02-13
CVE-2011-1079
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.
- https://github.com/torvalds/linux/commit/43629f8f5ea32a998d06d1bb41eefa0e821ff573
- [oss-security] 20110301 Re: CVE request: kernel: two bluetooth and one ebtables infoleaks/DoSes
- https://bugzilla.redhat.com/show_bug.cgi?id=681260
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
- RHSA-2011:0833
- http://downloads.avaya.com/css/P8/documents/100145416
- http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=43629f8f5ea32a998d06d1bb41eefa0e821ff573
Package kernel-image-un-def updated to version 5.0.15-alt1 for branch sisyphus in task 229197.
Closed vulnerabilities
BDU:2021-03082
Vulnerability in the do_hidp_sock_ioctl function of the Linux operating system kernel that allows an attacker to disclose protected information
Modified: 2023-02-13
CVE-2011-1079
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.
- https://github.com/torvalds/linux/commit/43629f8f5ea32a998d06d1bb41eefa0e821ff573
- [oss-security] 20110301 Re: CVE request: kernel: two bluetooth and one ebtables infoleaks/DoSes
- https://bugzilla.redhat.com/show_bug.cgi?id=681260
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
- RHSA-2011:0833
- http://downloads.avaya.com/css/P8/documents/100145416
- http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=43629f8f5ea32a998d06d1bb41eefa0e821ff573
Modified: 2024-11-21
CVE-2019-11884
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.
- openSUSE-SU-2019:1404
- openSUSE-SU-2019:1407
- openSUSE-SU-2019:1479
- 108299
- RHSA-2019:3309
- RHSA-2019:3517
- RHSA-2020:0740
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.15
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1616a5ac99ede5d605047a9012481ce7ff18b16
- https://github.com/torvalds/linux/commit/a1616a5ac99ede5d605047a9012481ce7ff18b16
- [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
- [debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update
- FEDORA-2019-c36afa818c
- FEDORA-2019-640f8d8dd1
- FEDORA-2019-e6bf55e821
- 20190618 [SECURITY] [DSA 4465-1] linux security update
- USN-4068-1
- USN-4068-2
- USN-4069-1
- USN-4069-2
- USN-4076-1
- USN-4118-1
- DSA-4465
Package kernel-image-std-def updated to version 4.19.42-alt1 for branch sisyphus in task 229195.
Closed vulnerabilities
BDU:2019-02826
Vulnerability in the smp_task_timedout() and smp_task_done() functions in drivers/scsi/libsas/sas_expander.c of the Linux operating system kernel that allows an attacker to affect the confidentiality, integrity and availability of protected information
Modified: 2023-02-13
CVE-2011-1079
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.
- https://github.com/torvalds/linux/commit/43629f8f5ea32a998d06d1bb41eefa0e821ff573
- [oss-security] 20110301 Re: CVE request: kernel: two bluetooth and one ebtables infoleaks/DoSes
- https://bugzilla.redhat.com/show_bug.cgi?id=681260
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
- RHSA-2011:0833
- http://downloads.avaya.com/css/P8/documents/100145416
- http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=43629f8f5ea32a998d06d1bb41eefa0e821ff573
Modified: 2024-11-21
CVE-2018-20836
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
- openSUSE-SU-2019:1716
- openSUSE-SU-2019:1757
- 108196
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae
- https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae
- [debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update
- [debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update
- 20190812 [SECURITY] [DSA 4495-1] linux security update
- 20190813 [SECURITY] [DSA 4497-1] linux security update
- https://security.netapp.com/advisory/ntap-20190719-0003/
- https://support.f5.com/csp/article/K11225249
- USN-4076-1
- DSA-4495
- DSA-4497
Closed vulnerabilities
BDU:2020-01633
Vulnerability in the exif_process_IFD_TAG function of the PHP programming language interpreter, caused by an operation exceeding the bounds of a data buffer, that allows an attacker to gain unauthorized access to information or cause a denial of service
Modified: 2024-11-21
CVE-2019-11036
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
- openSUSE-SU-2019:1501
- openSUSE-SU-2019:1503
- openSUSE-SU-2019:1572
- openSUSE-SU-2019:1573
- 108177
- RHSA-2019:2519
- RHSA-2019:3299
- https://bugs.php.net/bug.php?id=77950
- [debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update
- FEDORA-2019-6e325234a4
- FEDORA-2019-6350c4e21a
- FEDORA-2019-bab3944fee
- 20190920 [SECURITY] [DSA 4527-1] php7.3 security update
- 20190923 [SECURITY] [DSA 4529-1] php7.0 security update
- https://security.netapp.com/advisory/ntap-20190517-0003/
- USN-3566-2
- USN-4009-1
- DSA-4527
- DSA-4529
Package perl-Compress-LZ4 updated to version 0.25-alt2 for branch sisyphus in task 229188.
Closed bugs
perl-Compress-LZ4-0.25-alt1.2 builds and provides its own old bundled copy of liblz4