ALT-BU-2020-3918-1
Branch sisyphus update bulletin.
Package kernel-image-un-def updated to version 5.7.8-alt1 for branch sisyphus in task 254737.
Closed vulnerabilities
Modified: 2025-01-29
BDU:2021-03188
Уязвимость компонента fs/nfsd/vfs.c ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-11-21
CVE-2020-24394
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832
- https://security.netapp.com/advisory/ntap-20200904-0003/
- https://usn.ubuntu.com/4465-1/
- https://usn.ubuntu.com/4483-1/
- https://usn.ubuntu.com/4485-1/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.starwindsoftware.com/security/sw-20210325-0004/
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832
- https://security.netapp.com/advisory/ntap-20200904-0003/
- https://usn.ubuntu.com/4465-1/
- https://usn.ubuntu.com/4483-1/
- https://usn.ubuntu.com/4485-1/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.starwindsoftware.com/security/sw-20210325-0004/
Closed bugs
Executable stack in mpeg2desc
Closed vulnerabilities
BDU:2020-01056
Уязвимость реализации протокола Kerberos операционных систем Red Hat Enterprise Linux, Fedora, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2019-14844
A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14844
- https://github.com/krb5/krb5/pull/981
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54ZYKEJZ77BXZWGF4NEVKC33ESVROEYC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4LS5PIJOCNOUZGLO2OBT6GY334PUOSW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDE2QOKK4I4TV4WV74ZQWICZ4HJN2MOK/
- https://security.netapp.com/advisory/ntap-20220325-0003/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14844
- https://github.com/krb5/krb5/pull/981
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54ZYKEJZ77BXZWGF4NEVKC33ESVROEYC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4LS5PIJOCNOUZGLO2OBT6GY334PUOSW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDE2QOKK4I4TV4WV74ZQWICZ4HJN2MOK/
- https://security.netapp.com/advisory/ntap-20220325-0003/
Package installer-distro-alt-server-v updated to version 9.0.1-alt1 for branch sisyphus in task 254590.
Closed bugs
Обновить профиль разметки дисков для PVE