Branch sisyphus update bulletin.

Package common-licenses updated to version 1.10-alt1 for branch sisyphus in task 248491.

ALT-CyrusIMAP переименовать без IMAP и обновить

Package libwebkitgtk3 updated to version 2.4.11-alt10 for branch sisyphus in task 248505.

Новая сборка libwebkitgtk3 вызывает сегфолты 1C

Package kernel-image-std-pae updated to version 5.4.28-alt1 for branch sisyphus in task 248522.

Published: 2019-12-11

BDU:2020-00338

Уязвимость функции perf_trace_lock_acquire ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.7) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (9.0) Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

References:

CVE-2019-19769

Published: 2019-12-12
Modified: 2024-11-21

CVE-2019-19769

In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: MEDIUM (6.7) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References:

Package kernel-image-std-def updated to version 5.4.28-alt1 for branch sisyphus in task 248513.

Published: 2019-12-11

BDU:2020-00338

Severity: MEDIUM (6.7) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (9.0) Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

References:

CVE-2019-19769

Published: 2019-12-12
Modified: 2024-11-21

CVE-2019-19769

In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: MEDIUM (6.7) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References:

Package kernel-image-un-def updated to version 5.5.12-alt1 for branch sisyphus in task 248525.

Published: 2019-12-11

BDU:2020-00338

Severity: MEDIUM (6.7) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (9.0) Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

References:

CVE-2019-19769

Published: 2019-12-12
Modified: 2024-11-21

CVE-2019-19769

In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: MEDIUM (6.7) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References:

Package libvirt updated to version 6.1.0-alt1 for branch sisyphus in task 248555.

Published: 2020-05-02

BDU:2022-05833

Уязвимость функции qemuDomainGetStatsIOThread компонента qemu_driver.c библиотеки управления виртуализацией Libvirt, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2020-12430

Published: 2020-04-28
Modified: 2024-11-21

CVE-2020-12430

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.2

Branch sisyphus update on 2020-03-26

ALT-BU-2020-3724-1

ALT-PU-2020-1575-1

Closed bugs

Bug #38223

ALT-PU-2020-1577-1

Closed bugs

Bug #38256

ALT-PU-2020-1578-1

Closed vulnerabilities

BDU:2020-00338

CVE-2019-19769

ALT-PU-2020-1582-1

Closed vulnerabilities

BDU:2020-00338

CVE-2019-19769

ALT-PU-2020-1594-1

Closed vulnerabilities

BDU:2020-00338

CVE-2019-19769

ALT-PU-2020-1595-1

Closed vulnerabilities

BDU:2022-05833

CVE-2020-12430