ALT-BU-2021-3706-1
Branch sisyphus update bulletin.
Package kernel-image-rt updated to version 4.19.165-alt1.rt70 for branch sisyphus in task 265188.
Closed vulnerabilities
BDU:2021-00005
Уязвимость компонента drivers/tty/tty_jobctrl.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2021-00014
Уязвимость ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии или получить несанкционированный доступ к защищаемой информации
Modified: 2024-11-21
CVE-2020-29569
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- GLSA-202107-30
- GLSA-202107-30
- https://security.netapp.com/advisory/ntap-20210205-0001/
- https://security.netapp.com/advisory/ntap-20210205-0001/
- DSA-4843
- DSA-4843
- https://xenbits.xenproject.org/xsa/advisory-350.html
- https://xenbits.xenproject.org/xsa/advisory-350.html
Modified: 2024-11-21
CVE-2020-29661
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
- http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html
- http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html
- http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html
- http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html
- [oss-security] 20201210 2 kernel issues
- [oss-security] 20201210 2 kernel issues
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- FEDORA-2020-bc0cc81a7a
- FEDORA-2020-bc0cc81a7a
- FEDORA-2020-b732958765
- FEDORA-2020-b732958765
- https://security.netapp.com/advisory/ntap-20210122-0001/
- https://security.netapp.com/advisory/ntap-20210122-0001/
- DSA-4843
- DSA-4843
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html