ALT-BU-2020-3621-1
Branch p9 update bulletin.
Package kernel-image-un-def updated to version 5.4.14-alt1 for branch p9 in task 244837.
Closed vulnerabilities
BDU:2020-02140
A vulnerability in the mptctl_ioctl function (drivers/message/fusion/mptctl.c) of the Linux kernel that allows an attacker to affect the confidentiality, integrity and availability of protected information
Modified: 2024-11-21
CVE-2020-12652
The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power."
- openSUSE-SU-2020:0801
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.14
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28d76df18f0ad5bcf5fa48510b225f0ed262a99b
- https://github.com/torvalds/linux/commit/28d76df18f0ad5bcf5fa48510b225f0ed262a99b
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- https://security.netapp.com/advisory/ntap-20200608-0001/
- DSA-4698
Package nagios-nrpe updated to version 3.2.1-alt3 for branch p9 in task 244727.
Closed vulnerabilities
BDU:2019-01845
A vulnerability in the Nagios Remote Plugin Executor remote plugin execution utility, caused by insufficient input validation, that allows an attacker to execute arbitrary code
Modified: 2024-11-21
CVE-2014-2913
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments.
- FEDORA-2015-15398
- SUSE-SU-2014:0682
- openSUSE-SU-2014:0594
- openSUSE-SU-2014:0603
- 20140417 NRPE - Nagios Remote Plugin Executor <= 2.15 Remote Command Execution
- 20140418 Re: NRPE - Nagios Remote Plugin Executor <= 2.15 Remote Command Execution
- [oss-security] 20140422 Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution
- 66969