ALT Linux Team

Branch sisyphus update on 2020-02-17

2020-02-17

ALT-BU-2020-3654-1

Branch sisyphus update bulletin.

ALT-PU-2020-1240-1

Package mariadb updated to version 10.4.12-alt1 for branch sisyphus in task 245751.

Closed vulnerabilities

Published: 2020-01-14

BDU:2020-00431

Уязвимость компонента C API системы управления базами данных MySQL Client, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-02-04

BDU:2021-05136

Уязвимость функции mysql_install_db системы управления базами данных MariaDB, связанная с некорректным определением ссылки перед доступом к файлу, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-01-15
Modified: 2024-11-21

CVE-2020-2574

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-02-04
Modified: 2024-11-21

CVE-2020-7221

mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2020-1241-1

Package systemd updated to version 244.3-alt1 for branch sisyphus in task 246370.

Closed vulnerabilities

Published: 2020-02-05

BDU:2020-02039

Уязвимость системы инициализации Linux systemd, связанная с обращением к памяти после ее освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: MEDIUM (5.3) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2020-03-31
Modified: 2024-11-21

CVE-2020-1712

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2020-1242-1

Package startup-rescue updated to version 0.32-alt4 for branch sisyphus in task 246283.

Closed bugs

Bug #38089

Зависает загрузка на этапе конфигрурирования wlan-интерфейса

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top