ALT-BU-2020-4158-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-26570
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
- [oss-security] 20201124 OpenSC 0.21.0 released
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316
- https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e
- [debian-lts-announce] 20211129 [SECURITY] [DLA 2832-1] opensc security update
- FEDORA-2020-7c80831ffe
Modified: 2024-11-21
CVE-2020-26571
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
- [oss-security] 20201124 OpenSC 0.21.0 released
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612
- [debian-lts-announce] 20211129 [SECURITY] [DLA 2832-1] opensc security update
- FEDORA-2020-7c80831ffe
Modified: 2024-11-21
CVE-2020-26572
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
- [oss-security] 20201124 OpenSC 0.21.0 released
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967
- https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817
- [debian-lts-announce] 20211129 [SECURITY] [DLA 2832-1] opensc security update
- FEDORA-2020-7c80831ffe
Package kernel-image-std-pae updated to version 5.4.79-alt1 for branch sisyphus in task 262251.
Closed vulnerabilities
BDU:2021-03412
Linux kernel vulnerability related to information disclosure, allowing an attacker to gain access to confidential data
Modified: 2024-11-21
CVE-2020-4788
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
- [oss-security] 20201120 CVE-2020-4788: Speculation on incompletely validated data on IBM Power9
- [oss-security] 20201123 Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9
- ibm-i-cve20204788-info-disc (189296)
- FEDORA-2020-8c15928d23
- FEDORA-2020-4700a73bd5
- https://www.ibm.com/support/pages/node/6370729
- https://www.oracle.com/security-alerts/cpujul2022.html
Package kernel-image-std-debug updated to version 5.4.79-alt1 for branch sisyphus in task 262247.
Closed vulnerabilities
BDU:2021-03412
Linux kernel vulnerability related to information disclosure, allowing an attacker to gain access to confidential data
Modified: 2024-11-21
CVE-2020-4788
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
- [oss-security] 20201120 CVE-2020-4788: Speculation on incompletely validated data on IBM Power9
- [oss-security] 20201123 Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9
- ibm-i-cve20204788-info-disc (189296)
- FEDORA-2020-8c15928d23
- FEDORA-2020-4700a73bd5
- https://www.ibm.com/support/pages/node/6370729
- https://www.oracle.com/security-alerts/cpujul2022.html
Closed vulnerabilities
BDU:2019-04671
Vulnerability in the e2fsprogs utilities for working with ext2, ext3 and ext4 file systems, related to an out-of-bounds write on the heap, allowing an attacker to execute arbitrary code
BDU:2021-03599
Vulnerability in the rehashing function of the E2fsprogs set of file system utilities, related to an out-of-bounds buffer write, allowing an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
Modified: 2024-11-21
CVE-2019-5094
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
- [debian-lts-announce] 20190928 [SECURITY] [DLA 1935-1] e2fsprogs security update
- FEDORA-2020-a724cc7926
- FEDORA-2020-01ed02451f
- 20190929 [SECURITY] [DSA 4535-1] e2fsprogs security update
- GLSA-202003-05
- https://security.netapp.com/advisory/ntap-20200115-0002/
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887
- USN-4142-1
- USN-4142-2
- DSA-4535
Modified: 2024-11-21
CVE-2019-5188
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
- openSUSE-SU-2020:0166
- [debian-lts-announce] 20200324 [SECURITY] [DLA 2156-1] e2fsprogs security update
- [debian-lts-announce] 20200726 [SECURITY] [DLA 2290-1] e2fsprogs security update
- FEDORA-2020-a724cc7926
- FEDORA-2020-01ed02451f
- https://security.netapp.com/advisory/ntap-20220506-0001/
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973
- USN-4249-1