ALT-BU-2021-3719-2
Branch sisyphus update bulletin.
Package kernel-image-mp updated to version 5.10.12-alt1 for branch sisyphus in task 265584.
Closed vulnerabilities
BDU:2021-01616
Уязвимость реализации функций dev_map_init_map и sock_map_alloc ядра операционной системы Linux, позволяющая нарушителю вызвать аварийное завершение системы или повысить свои привилегии
BDU:2021-02592
Уязвимость компонента fs/nfsd/nfs3xdr.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
BDU:2021-02593
Уязвимость компонента PI futexes ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код на уровне ядра
BDU:2023-01284
Уязвимость реализации протокола TIPC (Transparent Inter Process Communication) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-20268
An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1923816
- https://bugzilla.redhat.com/show_bug.cgi?id=1923816
- https://lore.kernel.org/bpf/CACAyw99bEYWJCSGqfLiJ9Jp5YE1ZsZSiJxb4RFUTwbofipf0dA%40mail.gmail.com/T/#m8929643e99bea9c18ed490a7bc2591145eac6444
- https://lore.kernel.org/bpf/CACAyw99bEYWJCSGqfLiJ9Jp5YE1ZsZSiJxb4RFUTwbofipf0dA%40mail.gmail.com/T/#m8929643e99bea9c18ed490a7bc2591145eac6444
- https://security.netapp.com/advisory/ntap-20210409-0006/
- https://security.netapp.com/advisory/ntap-20210409-0006/
Modified: 2024-11-21
CVE-2021-3178
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- FEDORA-2021-3bcc7198c8
- FEDORA-2021-3bcc7198c8
- https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652%40fieldses.org/
- https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652%40fieldses.org/
Modified: 2024-11-21
CVE-2021-3347
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
- [oss-security] 20210129 Re: Linux Kernel: local priv escalation via futexes
- [oss-security] 20210129 Re: Linux Kernel: local priv escalation via futexes
- [oss-security] 20210129 Re: Linux Kernel: local priv escalation via futexes
- [oss-security] 20210129 Re: Linux Kernel: local priv escalation via futexes
- [oss-security] 20210201 Re: Linux Kernel: local priv escalation via futexes
- [oss-security] 20210201 Re: Linux Kernel: local priv escalation via futexes
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04b79c55201f02ffd675e1231d731365e335c307
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04b79c55201f02ffd675e1231d731365e335c307
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2156ac1934166d6deb6cd0f6ffc4c1076ec63697
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2156ac1934166d6deb6cd0f6ffc4c1076ec63697
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34b1a1ce1458f50ef27c54e28eb9b1947012907a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34b1a1ce1458f50ef27c54e28eb9b1947012907a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6ccc84f917d33312eb2846bd7b567639f585ad6d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6ccc84f917d33312eb2846bd7b567639f585ad6d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5cade200ab9a2a3be9e7f32a752c8d86b502ec7
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5cade200ab9a2a3be9e7f32a752c8d86b502ec7
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c64396cc36c6e60704ab06c1fb1c4a46179c9120
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c64396cc36c6e60704ab06c1fb1c4a46179c9120
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2dac39d93987f7de1e20b3988c8685523247ae2
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2dac39d93987f7de1e20b3988c8685523247ae2
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- FEDORA-2021-6e805a5051
- FEDORA-2021-6e805a5051
- FEDORA-2021-879c756377
- FEDORA-2021-879c756377
- https://security.netapp.com/advisory/ntap-20210304-0005/
- https://security.netapp.com/advisory/ntap-20210304-0005/
- DSA-4843
- DSA-4843
- https://www.openwall.com/lists/oss-security/2021/01/29/1
- https://www.openwall.com/lists/oss-security/2021/01/29/1
- https://www.openwall.com/lists/oss-security/2021/01/29/3
- https://www.openwall.com/lists/oss-security/2021/01/29/3
Modified: 2024-11-21
CVE-2023-1390
A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.
- https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5
- https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5
- https://github.com/torvalds/linux/commit/b77413446408fdd256599daf00d5be72b5f3e7c6
- https://github.com/torvalds/linux/commit/b77413446408fdd256599daf00d5be72b5f3e7c6
- https://infosec.exchange/%40_mattata/109427999461122360
- https://infosec.exchange/%40_mattata/109427999461122360
- https://security.netapp.com/advisory/ntap-20230420-0001/
- https://security.netapp.com/advisory/ntap-20230420-0001/
Package alt-csp-cryptopro updated to version 0.0.5-alt1 for branch sisyphus in task 265586.
Closed bugs
Ошибка открытия файла после выполнения подписи с созданием контейнера
Дополнительное окно при запросе пароля на контейнер (при создании подписи)
Ошибка проверки подписи файла с созданием контейнера, если у файла есть расширение
Неинформативное сообщение про подсистему
Package kernel-image-un-def updated to version 5.10.12-alt1 for branch sisyphus in task 265576.
Closed vulnerabilities
BDU:2021-02593
Уязвимость компонента PI futexes ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код на уровне ядра
Modified: 2024-11-21
CVE-2021-3347
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
- [oss-security] 20210129 Re: Linux Kernel: local priv escalation via futexes
- [oss-security] 20210129 Re: Linux Kernel: local priv escalation via futexes
- [oss-security] 20210129 Re: Linux Kernel: local priv escalation via futexes
- [oss-security] 20210129 Re: Linux Kernel: local priv escalation via futexes
- [oss-security] 20210201 Re: Linux Kernel: local priv escalation via futexes
- [oss-security] 20210201 Re: Linux Kernel: local priv escalation via futexes
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04b79c55201f02ffd675e1231d731365e335c307
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04b79c55201f02ffd675e1231d731365e335c307
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2156ac1934166d6deb6cd0f6ffc4c1076ec63697
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2156ac1934166d6deb6cd0f6ffc4c1076ec63697
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34b1a1ce1458f50ef27c54e28eb9b1947012907a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34b1a1ce1458f50ef27c54e28eb9b1947012907a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6ccc84f917d33312eb2846bd7b567639f585ad6d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6ccc84f917d33312eb2846bd7b567639f585ad6d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5cade200ab9a2a3be9e7f32a752c8d86b502ec7
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5cade200ab9a2a3be9e7f32a752c8d86b502ec7
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c64396cc36c6e60704ab06c1fb1c4a46179c9120
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c64396cc36c6e60704ab06c1fb1c4a46179c9120
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2dac39d93987f7de1e20b3988c8685523247ae2
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2dac39d93987f7de1e20b3988c8685523247ae2
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- FEDORA-2021-6e805a5051
- FEDORA-2021-6e805a5051
- FEDORA-2021-879c756377
- FEDORA-2021-879c756377
- https://security.netapp.com/advisory/ntap-20210304-0005/
- https://security.netapp.com/advisory/ntap-20210304-0005/
- DSA-4843
- DSA-4843
- https://www.openwall.com/lists/oss-security/2021/01/29/1
- https://www.openwall.com/lists/oss-security/2021/01/29/1
- https://www.openwall.com/lists/oss-security/2021/01/29/3
- https://www.openwall.com/lists/oss-security/2021/01/29/3
Closed bugs
Установлены, но не подключаются плагины vnc и rdp
Package telegram-desktop updated to version 2.5.8-alt1 for branch sisyphus in task 265562.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-27351
The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session.
Package python-module-parso updated to version 0.5.1-alt2 for branch sisyphus in task 265625.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-12760
A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution. NOTE: This is disputed because "the cache directory is not under control of the attacker in any common configuration.