2019-08-07
ALT-BU-2019-3851-1
Branch c7.1 update bulletin.
Package kernel-image-std-def updated to version 4.4.186-alt0.M70C.1 for branch c7.1 in task 234981.
Closed vulnerabilities
Published: 2019-05-30
BDU:2019-02927
Уязвимость функции mwifiex_update_bss_desc_with_ie ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии, вызвать отказ в обслуживании или выполнить произвольный код
Severity: HIGH (8.8)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-06-01
BDU:2020-01593
Уязвимость функции mwifiex_uap_parse_tail_ies ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-06-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-10126
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2019:1716
- openSUSE-SU-2019:1716
- openSUSE-SU-2019:1757
- openSUSE-SU-2019:1757
- http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- 108817
- 108817
- RHSA-2019:3055
- RHSA-2019:3055
- RHSA-2019:3076
- RHSA-2019:3076
- RHSA-2019:3089
- RHSA-2019:3089
- RHSA-2019:3309
- RHSA-2019:3309
- RHSA-2019:3517
- RHSA-2019:3517
- RHSA-2020:0174
- RHSA-2020:0174
- RHSA-2020:0204
- RHSA-2020:0204
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10126
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10126
- [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
- [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
- [debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update
- [debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update
- 20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
- 20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
- 20190618 [SECURITY] [DSA 4465-1] linux security update
- 20190618 [SECURITY] [DSA 4465-1] linux security update
- https://security.netapp.com/advisory/ntap-20190710-0002/
- https://security.netapp.com/advisory/ntap-20190710-0002/
- https://support.f5.com/csp/article/K95593121
- https://support.f5.com/csp/article/K95593121
- USN-4093-1
- USN-4093-1
- USN-4094-1
- USN-4094-1
- USN-4095-1
- USN-4095-1
- USN-4095-2
- USN-4095-2
- USN-4117-1
- USN-4117-1
- USN-4118-1
- USN-4118-1
- DSA-4465
- DSA-4465
Published: 2019-06-03
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-3846
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2019:1570
- openSUSE-SU-2019:1570
- openSUSE-SU-2019:1571
- openSUSE-SU-2019:1571
- openSUSE-SU-2019:1579
- openSUSE-SU-2019:1579
- http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- RHSA-2019:2703
- RHSA-2019:2703
- RHSA-2019:2741
- RHSA-2019:2741
- RHSA-2019:3055
- RHSA-2019:3055
- RHSA-2019:3076
- RHSA-2019:3076
- RHSA-2019:3089
- RHSA-2019:3089
- RHSA-2020:0174
- RHSA-2020:0174
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3846
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3846
- [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
- [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
- [debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update
- [debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update
- FEDORA-2019-f40bd7826f
- FEDORA-2019-f40bd7826f
- FEDORA-2019-7ec378191e
- FEDORA-2019-7ec378191e
- 20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
- 20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
- 20190618 [SECURITY] [DSA 4465-1] linux security update
- 20190618 [SECURITY] [DSA 4465-1] linux security update
- https://seclists.org/oss-sec/2019/q2/133
- https://seclists.org/oss-sec/2019/q2/133
- https://security.netapp.com/advisory/ntap-20190710-0002/
- https://security.netapp.com/advisory/ntap-20190710-0002/
- USN-4093-1
- USN-4093-1
- USN-4094-1
- USN-4094-1
- USN-4095-1
- USN-4095-1
- USN-4095-2
- USN-4095-2
- USN-4117-1
- USN-4117-1
- USN-4118-1
- USN-4118-1
- DSA-4465
- DSA-4465