ALT-BU-2020-3678-1
Branch sisyphus update bulletin.
Package kernel-image-un-def updated to version 5.5.7-alt1 for branch sisyphus in task 247162.
Closed vulnerabilities
BDU:2020-01075
Уязвимость функции rwsem_down_write_slowpath (kernel/locking/rwsem.c) ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
BDU:2020-01076
Уязвимость архитектуры AArch64 ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-04742
Уязвимость реализации вызова VT_RESIZEX ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-36558
A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb
Modified: 2024-11-21
CVE-2020-9383
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.
- openSUSE-SU-2020:0388
- openSUSE-SU-2020:0388
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530
- https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3
- https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- https://security.netapp.com/advisory/ntap-20200313-0003/
- https://security.netapp.com/advisory/ntap-20200313-0003/
- USN-4342-1
- USN-4342-1
- USN-4344-1
- USN-4344-1
- USN-4345-1
- USN-4345-1
- USN-4346-1
- USN-4346-1
- DSA-4698
- DSA-4698
Modified: 2024-11-21
CVE-2020-9391
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.
- [oss-security] 20200225 CVE-2020-9391: Ignoring the top byte of addresses in brk causes heap corruption (AArch64)
- [oss-security] 20200225 CVE-2020-9391: Ignoring the top byte of addresses in brk causes heap corruption (AArch64)
- https://bugzilla.redhat.com/show_bug.cgi?id=1797052
- https://bugzilla.redhat.com/show_bug.cgi?id=1797052
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dcde237319e626d1ec3c9d8b7613032f0fd4663a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dcde237319e626d1ec3c9d8b7613032f0fd4663a
- FEDORA-2020-3cd64d683c
- FEDORA-2020-3cd64d683c
- https://security.netapp.com/advisory/ntap-20200313-0003/
- https://security.netapp.com/advisory/ntap-20200313-0003/