ALT-BU-2020-3633-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2020-01442
Уязвимость браузера Google Chrome, связанная с использованием после освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2020-01443
Уязвимость браузера Google Chrome, связанная с использованием после освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2020-01444
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, связанная с использованием памяти после ее освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2020-01445
Уязвимость браузера Google Chrome, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2020-01803
Уязвимость механизма подбора музыки браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании и оказать воздействие на целостность данных
BDU:2021-01061
Уязвимость функции распознавания речи SpeechRecognizerImpl::Abort веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-01062
Уязвимость компонента распознавания речи Speech Recognizer веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-01063
Уязвимость расширений веб-браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
Modified: 2024-11-21
CVE-2019-13767
Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- openSUSE-SU-2020:0007
- openSUSE-SU-2020:0007
- http://packetstormsecurity.com/files/156563/Chrome-DesktopMediaPickerController-WebContentsDestroyed-Use-After-Free.html
- http://packetstormsecurity.com/files/156563/Chrome-DesktopMediaPickerController-WebContentsDestroyed-Use-After-Free.html
- https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html
- https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html
- https://crbug.com/1031653
- https://crbug.com/1031653
- FEDORA-2020-4355ea258e
- FEDORA-2020-4355ea258e
- 20200120 [SECURITY] [DSA 4606-1] chromium security update
- 20200120 [SECURITY] [DSA 4606-1] chromium security update
- GLSA-202003-08
- GLSA-202003-08
- DSA-4606
- DSA-4606
Modified: 2024-11-21
CVE-2020-6377
Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- openSUSE-SU-2020:0006
- openSUSE-SU-2020:0006
- openSUSE-SU-2020:0009
- openSUSE-SU-2020:0009
- openSUSE-SU-2020:0053
- openSUSE-SU-2020:0053
- RHSA-2020:0084
- RHSA-2020:0084
- https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html
- https://crbug.com/1029462
- https://crbug.com/1029462
- FEDORA-2020-4355ea258e
- FEDORA-2020-4355ea258e
- FEDORA-2020-581537c8aa
- FEDORA-2020-581537c8aa
- 20200120 [SECURITY] [DSA 4606-1] chromium security update
- 20200120 [SECURITY] [DSA 4606-1] chromium security update
- GLSA-202003-08
- GLSA-202003-08
- DSA-4606
- DSA-4606
Modified: 2024-11-21
CVE-2020-6378
Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html
- https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html
- https://crbug.com/1018677
- https://crbug.com/1018677
- FEDORA-2020-39e0b8bd14
- FEDORA-2020-39e0b8bd14
- GLSA-202003-08
- GLSA-202003-08
Modified: 2024-11-21
CVE-2020-6379
Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html
- https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html
- https://crbug.com/1033407
- https://crbug.com/1033407
- FEDORA-2020-39e0b8bd14
- FEDORA-2020-39e0b8bd14
- GLSA-202003-08
- GLSA-202003-08
Modified: 2024-11-21
CVE-2020-6380
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension.
- https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html
- https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html
- https://crbug.com/1032170
- https://crbug.com/1032170
- FEDORA-2020-39e0b8bd14
- FEDORA-2020-39e0b8bd14
- GLSA-202003-08
- GLSA-202003-08
Closed vulnerabilities
BDU:2021-01309
Уязвимость функции get_8bit_row (rdbmp.c) библиотеки программ libjpeg, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2018-14498
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
- openSUSE-SU-2019:1118
- openSUSE-SU-2019:1118
- openSUSE-SU-2019:1343
- openSUSE-SU-2019:1343
- RHSA-2019:2052
- RHSA-2019:2052
- RHSA-2019:3705
- RHSA-2019:3705
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
- https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
- https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
- https://github.com/mozilla/mozjpeg/issues/299
- https://github.com/mozilla/mozjpeg/issues/299
- [debian-lts-announce] 20190318 [SECURITY] [DLA 1719-1] libjpeg-turbo security update
- [debian-lts-announce] 20190318 [SECURITY] [DLA 1719-1] libjpeg-turbo security update
- [debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update
- [debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update
- FEDORA-2019-87e2fa8e0f
- FEDORA-2019-87e2fa8e0f
- USN-4190-1
- USN-4190-1
Modified: 2024-11-21
CVE-2020-17541
Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.
Package kernel-image-un-def updated to version 5.4.17-alt1 for branch sisyphus in task 245458.
Closed vulnerabilities
BDU:2019-04798
Уязвимость функции add_ie_rates (drivers/net/wireless/marvell/libertas/cfg.c) драйвера Marvell WiFi ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2020-01796
Уязвимость функции lbs_ibss_join_existing (drivers/net/wireless/marvell/libertas/cfg.c) драйвера Marvell WiFi ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2020-02429
Уязвимость компонента drivers/spi/spi-dw.c ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-03830
Уязвимость ядра операционной системы Linux, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2019-14896
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.
- openSUSE-SU-2020:0336
- openSUSE-SU-2020:0336
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14896
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14896
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-91f6e7bb71
- FEDORA-2019-91f6e7bb71
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://security.netapp.com/advisory/ntap-20200103-0001/
- USN-4225-1
- USN-4225-1
- USN-4225-2
- USN-4225-2
- USN-4226-1
- USN-4226-1
- USN-4227-1
- USN-4227-1
- USN-4227-2
- USN-4227-2
- USN-4228-1
- USN-4228-1
- USN-4228-2
- USN-4228-2
Modified: 2024-11-21
CVE-2019-14897
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.
- openSUSE-SU-2020:0336
- openSUSE-SU-2020:0336
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14897
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14897
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-91f6e7bb71
- FEDORA-2019-91f6e7bb71
- USN-4225-1
- USN-4225-1
- USN-4225-2
- USN-4225-2
- USN-4226-1
- USN-4226-1
- USN-4227-1
- USN-4227-1
- USN-4227-2
- USN-4227-2
- USN-4228-1
- USN-4228-1
- USN-4228-2
- USN-4228-2
Modified: 2024-11-21
CVE-2020-12769
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.
- openSUSE-SU-2020:0801
- openSUSE-SU-2020:0935
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- https://lkml.org/lkml/2020/2/3/559
- https://security.netapp.com/advisory/ntap-20200608-0001/
- USN-4391-1
- openSUSE-SU-2020:0801
- USN-4391-1
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://lkml.org/lkml/2020/2/3/559
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17
- openSUSE-SU-2020:0935
Modified: 2024-11-21
CVE-2020-14416
In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.
- openSUSE-SU-2020:0935
- openSUSE-SU-2020:0935
- openSUSE-SU-2020:1153
- openSUSE-SU-2020:1153
- https://bugzilla.suse.com/show_bug.cgi?id=1162002
- https://bugzilla.suse.com/show_bug.cgi?id=1162002
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.16
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.16
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ace17d56824165c7f4c68785d6b58971db954dd
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ace17d56824165c7f4c68785d6b58971db954dd
Package supertuxkart-data updated to version 1.1-alt2 for branch sisyphus in task 245387.
Closed bugs
действительно нужен php?
Package supertuxkart updated to version 1.1-alt2 for branch sisyphus in task 245387.
Closed bugs
действительно нужен libbluez-devel для _установки_?
Closed vulnerabilities
BDU:2020-01598
Уязвимость реализации механизма HMAC-SHA-256 криптографической библиотеки GnuTLS, позволяющая нарушителю осуществить атаку типа «Lucky 13» и атаку с восстановлением открытого текста
BDU:2020-01599
Уязвимость реализации механизма HMAC-SHA-384 криптографической библиотеки GnuTLS, позволяющая нарушителю осуществить атаку типа «Lucky 13» и атаку с восстановлением открытого текста
Modified: 2024-11-21
CVE-2018-10844
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
- 105138
- 105138
- RHSA-2018:3050
- RHSA-2018:3050
- RHSA-2018:3505
- RHSA-2018:3505
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844
- https://eprint.iacr.org/2018/747
- https://eprint.iacr.org/2018/747
- https://gitlab.com/gnutls/gnutls/merge_requests/657
- https://gitlab.com/gnutls/gnutls/merge_requests/657
- [debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update
- [debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update
- FEDORA-2020-d14280a6e8
- FEDORA-2020-d14280a6e8
- FEDORA-2020-f90fb78f70
- FEDORA-2020-f90fb78f70
- USN-3999-1
- USN-3999-1
Modified: 2024-11-21
CVE-2018-10845
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
- 105138
- 105138
- RHSA-2018:3050
- RHSA-2018:3050
- RHSA-2018:3505
- RHSA-2018:3505
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845
- https://eprint.iacr.org/2018/747
- https://eprint.iacr.org/2018/747
- https://gitlab.com/gnutls/gnutls/merge_requests/657
- https://gitlab.com/gnutls/gnutls/merge_requests/657
- [debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update
- [debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update
- FEDORA-2020-d14280a6e8
- FEDORA-2020-d14280a6e8
- FEDORA-2020-f90fb78f70
- FEDORA-2020-f90fb78f70
- USN-3999-1
- USN-3999-1
Modified: 2024-11-21
CVE-2018-10846
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.
- 105138
- 105138
- RHSA-2018:3050
- RHSA-2018:3050
- RHSA-2018:3505
- RHSA-2018:3505
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846
- https://eprint.iacr.org/2018/747
- https://eprint.iacr.org/2018/747
- https://gitlab.com/gnutls/gnutls/merge_requests/657
- https://gitlab.com/gnutls/gnutls/merge_requests/657
- [debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update
- [debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update
- FEDORA-2020-d14280a6e8
- FEDORA-2020-d14280a6e8
- FEDORA-2020-f90fb78f70
- FEDORA-2020-f90fb78f70
- USN-3999-1
- USN-3999-1