ALT-BU-2019-4136-3

Branch sisyphus update bulletin.

Package easypaint updated to version 0.1.1-alt3.1 for branch sisyphus in task 243175.

Опечатка в адресе багтрекера easypaint

Package kernel-image-std-def updated to version 4.19.90-alt1 for branch sisyphus in task 243161.

Уязвимость функций ext4_put_super, dump_orphan_list ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.8)Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2019-19447

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.

Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Package kernel-image-un-def updated to version 5.4.4-alt1 for branch sisyphus in task 243170.

Severity: HIGH (7.8)Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2019-19447

Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Branch sisyphus update on 2019-12-19

ALT-BU-2019-4136-3

ALT-PU-2019-3322-1

Closed bugs

Bug #37477

ALT-PU-2019-4230-1

Closed vulnerabilities

BDU:2020-00305

CVE-2019-19447

ALT-PU-2019-4243-1

Closed vulnerabilities

BDU:2020-00305

CVE-2019-19447