BDU:2020-05831

Уязвимость ядра операционной системы Linux, связанная с использованием памяти после её освобождения, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (4.1) Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

References:

CVE-2020-25656

Published: 2020-12-02
Modified: 2024-11-21

CVE-2020-25656

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.

Severity: MEDIUM (4.1) Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

References:

Package tmux updated to version 3.1c-alt1 for branch p9 in task 261177.

Published: 2020-11-06
Modified: 2024-11-21

CVE-2020-27347

In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Package sddm updated to version 0.18.1-alt11 for branch p9 in task 261527.

Вылет на экран авторизации при смене доменного пароля

Package firefox-esr updated to version 78.4.1-alt0.1.p9 for branch p9 in task 261517.

Published: 2020-12-09
Modified: 2024-11-21

CVE-2020-26950

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Version: 2.1.0

Branch p9 update on 2020-11-12

ALT-BU-2020-4136-1

ALT-PU-2020-3259-1

Closed vulnerabilities

BDU:2020-05831

CVE-2020-25656

ALT-PU-2020-3265-1

Closed vulnerabilities

CVE-2020-27347

ALT-PU-2020-3266-1

Closed bugs

Bug #36975

ALT-PU-2020-3267-1

Closed vulnerabilities

CVE-2020-26950