ALT-BU-2020-3666-12
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2021-00097
PHP interpreter vulnerability related to incorrect preservation of permissions, allowing an attacker to affect data integrity
BDU:2021-00098
PHP interpreter vulnerability related to a null pointer dereference, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2020-7061
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
Modified: 2024-11-21
CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79221
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- USN-4330-1
- DSA-4717
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
Modified: 2024-11-21
CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79082
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- USN-4330-1
- DSA-4717
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
Package kernel-image-un-def updated to version 5.5.5-alt1 for branch sisyphus in task 246733.
Closed vulnerabilities
BDU:2020-01073
Vulnerability in the ext4_protect_reserved_inode function (fs/ext4/block_validity.c) of the Linux kernel, allowing an attacker to cause a denial of service
BDU:2020-03360
Vulnerability in the mwifiex_cmd_append_vsie_tlv() function of the Marvell WiFi driver in the Linux kernel, allowing an attacker to escalate privileges or cause a denial of service
BDU:2020-03361
Vulnerability in the mwifiex_ret_wmm_get_status() function of the Marvell WiFi driver in the Linux kernel, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2020-12653
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
- openSUSE-SU-2020:0801
- [oss-security] 20200508 Linux kernel: two buffer overflow in the marvell wifi driver
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d
- https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- https://security.netapp.com/advisory/ntap-20200608-0001/
- DSA-4698
Modified: 2024-11-21
CVE-2020-12654
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.
- openSUSE-SU-2020:0801
- [oss-security] 20200508 Linux kernel: two buffer overflow in the marvell wifi driver
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a9b153c5591548612c3955c9600a98150c81875
- https://github.com/torvalds/linux/commit/3a9b153c5591548612c3955c9600a98150c81875
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- https://security.netapp.com/advisory/ntap-20200608-0001/
- USN-4392-1
- USN-4393-1
- DSA-4698
Modified: 2024-11-21
CVE-2020-8992
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.
- openSUSE-SU-2020:0336
- https://patchwork.ozlabs.org/patch/1236118/
- https://security.netapp.com/advisory/ntap-20200313-0003/
- USN-4318-1
- USN-4324-1
- USN-4342-1
- USN-4344-1
- USN-4419-1
Package mate-session updated to version 1.22.2-alt2 for branch sisyphus in task 246772.
Closed bugs
Messages in the mate-session logout dialog are not fully translated
Localization shortcomings in the shutdown dialog
Closed bugs
grub-mkconfig does not see two more Linux OSes on the second disk.
Closed bugs
os-prober 1.74 breaks grub