ALT Linux Team

Branch sisyphus update on 2019-08-27

2019-08-27

ALT-BU-2019-3898-1

Branch sisyphus update bulletin.

ALT-PU-2019-2537-1

Package kernel-image-un-def updated to version 5.2.10-alt1 for branch sisyphus in task 236607.

Closed vulnerabilities

Published: 2019-08-14

BDU:2019-03220

Уязвимость драйвера drivers/net/wireless/ath/ath6kl/usb.c ядра операционных систем Linux, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.6) Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-08-15

BDU:2020-00286

Уязвимость драйвера drivers/usb/class/cdc-acm.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.6) Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-08-12

BDU:2020-00289

Уязвимость драйвера drivers/usb/core/file.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.2) Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-08-06

BDU:2020-00295

Уязвимость драйвера drivers/hid/usbhid/hiddev.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.6) Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-08-14

BDU:2021-06411

Уязвимость компонента sound/usb/mixer.c ядра операционной системы Linux, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-08-16
Modified: 2024-11-21

CVE-2019-15098

drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

Severity: MEDIUM (4.6) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-08-16
Modified: 2024-11-21

CVE-2019-15117

parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-08-16
Modified: 2024-11-21

CVE-2019-15118

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-08-20
Modified: 2024-11-21

CVE-2019-15291

An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.

Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-12-03
Modified: 2024-11-21

CVE-2019-19527

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.

Severity: MEDIUM (6.8) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-12-03
Modified: 2024-11-21

CVE-2019-19530

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.

Severity: MEDIUM (4.6) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-12-03
Modified: 2024-11-21

CVE-2019-19537

In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.

Severity: MEDIUM (4.2) Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2019-2538-1

Package pwgen updated to version 2.08-alt1 for branch sisyphus in task 236621.

Closed vulnerabilities

Published: 2014-12-19
Modified: 2024-11-21

CVE-2013-4440

Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

Severity: MEDIUM (5.0)
References:
Published: 2020-01-27
Modified: 2024-11-21

CVE-2013-4441

The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2014-12-19
Modified: 2024-11-21

CVE-2013-4442

Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

Severity: MEDIUM (5.0)
References:

ALT-PU-2019-2539-1

Package alterator-net-eth updated to version 5.1.2-alt1 for branch sisyphus in task 236627.

Closed bugs

Bug #37103

ipv4address не создается при переключении конфигурации с DHCP на ручное (изменения, внесенные с помощью альтератора не применяются сразу при нажатии на кнопку "Применить")

ALT-PU-2019-2540-1

Package jhead updated to version 3.03-alt2 for branch sisyphus in task 236636.

Closed vulnerabilities

Published: 2019-07-15
Modified: 2024-11-21

CVE-2019-1010301

jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2019-07-15
Modified: 2024-11-21

CVE-2019-1010302

jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top