ALT-BU-2019-4015-12
Branch p9 update bulletin.
Package libvirglrenderer updated to version 0.8.0.0.34.4ac3a04c-alt1 for branch p9 in task 239236.
Closed vulnerabilities
BDU:2020-00553
Уязвимость функции vrend_blit_need_swizzle (vrend_renderer.c) библиотеки virglrenderer, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-00554
Уязвимость функции vrend_renderer_transfer_write_iov (vrend_renderer.c) библиотеки virglrenderer, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-00915
Уязвимость функции vrend_renderer_transfer_write_iov компонента vrend_renderer.c виртуального OpenGL рендерера Virglrenderer, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2023-00916
Уязвимость компонента vrend_renderer.c виртуального OpenGL рендерера Virglrenderer, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2017-6386
Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_OBJECT_VERTEX_ELEMENTS commands.
- [oss-security] 20170301 CVE-2017-6386 Virglrenderer: memory leakage while in vrend_create_vertex_elements_state
- [oss-security] 20170301 CVE-2017-6386 Virglrenderer: memory leakage while in vrend_create_vertex_elements_state
- 96506
- 96506
- https://bugzilla.redhat.com/show_bug.cgi?id=1427472
- https://bugzilla.redhat.com/show_bug.cgi?id=1427472
- https://cgit.freedesktop.org/virglrenderer/commit/?id=737c3350850ca4dbc5633b3bdb4118176ce59920
- https://cgit.freedesktop.org/virglrenderer/commit/?id=737c3350850ca4dbc5633b3bdb4118176ce59920
- GLSA-201707-06
- GLSA-201707-06
Modified: 2024-11-21
CVE-2019-18388
A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands.
- openSUSE-SU-2020:0058
- openSUSE-SU-2020:0058
- Red Hat
- Red Hat
- https://bugzilla.redhat.com/show_bug.cgi?id=1765578
- https://bugzilla.redhat.com/show_bug.cgi?id=1765578
- https://gitlab.freedesktop.org/virgl/virglrenderer/commit/0d9a2c88dc3a70023541b3260b9f00c982abda16
- https://gitlab.freedesktop.org/virgl/virglrenderer/commit/0d9a2c88dc3a70023541b3260b9f00c982abda16
- https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#diff-content-3cd772559e0d73afa136d6818023cfd0c4c8ecc0
- https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#diff-content-3cd772559e0d73afa136d6818023cfd0c4c8ecc0
- [debian-lts-announce] 20221207 [SECURITY] [DLA 3232-1] virglrenderer security update
- [debian-lts-announce] 20221207 [SECURITY] [DLA 3232-1] virglrenderer security update
Modified: 2024-11-21
CVE-2019-18389
A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.
- openSUSE-SU-2020:0058
- openSUSE-SU-2020:0058
- Red Hat
- Red Hat
- https://bugzilla.redhat.com/show_bug.cgi?id=1765577
- https://bugzilla.redhat.com/show_bug.cgi?id=1765577
- https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921
- https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921
- https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=9c280a28651507e6ef87b17b90d47b6af3a4ab7d
- https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=9c280a28651507e6ef87b17b90d47b6af3a4ab7d
- [debian-lts-announce] 20221207 [SECURITY] [DLA 3232-1] virglrenderer security update
- [debian-lts-announce] 20221207 [SECURITY] [DLA 3232-1] virglrenderer security update
Modified: 2024-11-21
CVE-2019-18390
An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.
- openSUSE-SU-2020:0058
- openSUSE-SU-2020:0058
- Red Hat
- Red Hat
- https://bugzilla.redhat.com/show_bug.cgi?id=1765584
- https://bugzilla.redhat.com/show_bug.cgi?id=1765584
- https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9
- https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9
- https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_151
- https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_151
- [debian-lts-announce] 20221207 [SECURITY] [DLA 3232-1] virglrenderer security update
- [debian-lts-announce] 20221207 [SECURITY] [DLA 3232-1] virglrenderer security update
Modified: 2024-11-21
CVE-2019-18391
A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.
- openSUSE-SU-2020:0058
- openSUSE-SU-2020:0058
- Red Hat
- Red Hat
- https://bugzilla.redhat.com/show_bug.cgi?id=1765589
- https://bugzilla.redhat.com/show_bug.cgi?id=1765589
- https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971
- https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971
- https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=8c9cfb4e425542e96f0717189fe4658555baaf08
- https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=8c9cfb4e425542e96f0717189fe4658555baaf08
- [debian-lts-announce] 20221207 [SECURITY] [DLA 3232-1] virglrenderer security update
- [debian-lts-announce] 20221207 [SECURITY] [DLA 3232-1] virglrenderer security update
Closed vulnerabilities
BDU:2020-01691
Уязвимость функции onig_new_deluxe библиотеки регулярных выражений для многобайтовых строк libonig, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации и нарушить ее целостность и доступность
Modified: 2024-11-21
CVE-2019-13224
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
- https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
- https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
- [debian-lts-announce] 20190717 [SECURITY] [DLA 1854-1] libonig security update
- [debian-lts-announce] 20190717 [SECURITY] [DLA 1854-1] libonig security update
- FEDORA-2019-5409bb5e68
- FEDORA-2019-5409bb5e68
- FEDORA-2019-3f3d0953db
- FEDORA-2019-3f3d0953db
- GLSA-201911-03
- GLSA-201911-03
- https://support.f5.com/csp/article/K00103182
- https://support.f5.com/csp/article/K00103182
- https://support.f5.com/csp/article/K00103182?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K00103182?utm_source=f5support&%3Butm_medium=RSS
- USN-4088-1
- USN-4088-1
Package kernel-image-un-def updated to version 5.3.6-alt1 for branch p9 in task 239170.
Closed vulnerabilities
BDU:2019-03507
Уязвимость компонента net/wireless/nl80211.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
BDU:2020-00158
Уязвимость функции nfp_abm_u32_knode_replace() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-00288
Уязвимость драйвера drivers/net/ieee802154/atusb.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2019-16746
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
- openSUSE-SU-2020:0336
- openSUSE-SU-2020:0336
- openSUSE-SU-2020:1153
- openSUSE-SU-2020:1153
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-057d691fd4
- FEDORA-2019-057d691fd4
- https://marc.info/?l=linux-wireless&m=156901391225058&w=2
- https://marc.info/?l=linux-wireless&m=156901391225058&w=2
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://security.netapp.com/advisory/ntap-20191031-0005/
- USN-4183-1
- USN-4183-1
- USN-4186-1
- USN-4186-1
- USN-4209-1
- USN-4209-1
- USN-4210-1
- USN-4210-1
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
Modified: 2024-11-21
CVE-2019-19076
A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit 78beef629fd9 was reverted
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6
- https://git.kernel.org/linus/1d1997db870f4058676439ef7014390ba9e24eb2
- https://git.kernel.org/linus/1d1997db870f4058676439ef7014390ba9e24eb2
- https://github.com/torvalds/linux/commit/78beef629fd95be4ed853b2d37b832f766bd96ca
- https://github.com/torvalds/linux/commit/78beef629fd95be4ed853b2d37b832f766bd96ca
- https://lore.kernel.org/lkml/20191204103955.63c4d9af%40cakuba.netronome.com/
- https://lore.kernel.org/lkml/20191204103955.63c4d9af%40cakuba.netronome.com/
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://security.netapp.com/advisory/ntap-20191205-0001/
- USN-4209-1
- USN-4209-1
Modified: 2024-11-21
CVE-2019-19525
In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035.
- openSUSE-SU-2019:2675
- openSUSE-SU-2019:2675
- [oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3
- [oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fd25e6fc035f4b04b75bca6d7e8daa069603a76
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fd25e6fc035f4b04b75bca6d7e8daa069603a76
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
Package kernel-image-std-def updated to version 4.19.79-alt1 for branch p9 in task 239166.
Closed vulnerabilities
BDU:2019-03507
Уязвимость компонента net/wireless/nl80211.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2019-16746
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
- openSUSE-SU-2020:0336
- openSUSE-SU-2020:0336
- openSUSE-SU-2020:1153
- openSUSE-SU-2020:1153
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-057d691fd4
- FEDORA-2019-057d691fd4
- https://marc.info/?l=linux-wireless&m=156901391225058&w=2
- https://marc.info/?l=linux-wireless&m=156901391225058&w=2
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://security.netapp.com/advisory/ntap-20191031-0005/
- USN-4183-1
- USN-4183-1
- USN-4186-1
- USN-4186-1
- USN-4209-1
- USN-4209-1
- USN-4210-1
- USN-4210-1
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html