ALT-BU-2021-3880-1
Branch p9 update bulletin.
Package kernel-image-un-def updated to version 5.10.32-alt1 for branch p9 in task 270546.
Closed vulnerabilities
BDU:2021-04260
Уязвимость функции xt_compat_target_from_user() (net/netfilter/x_tables.c) подсистемы netfilter операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
BDU:2021-04855
Уязвимость компонента net/sctp/socket.c ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
BDU:2022-03028
Уязвимость функции llcp_sock_connect() операционной системы Linux, позволяющая нарушителю повысить свои привилегии
BDU:2022-03139
Уязвимость функции llcp_sock_bind() протокола nfc ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2022-03141
Уязвимость функции llcp_sock_connect() протокола nfc ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-25670
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.
- [oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket
- [oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket
- [oss-security] 20210511 CVE-2021-23134: Linux kernel: UAF in nfc sockets
- [oss-security] 20210511 CVE-2021-23134: Linux kernel: UAF in nfc sockets
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- FEDORA-2021-21360476b6
- FEDORA-2021-21360476b6
- FEDORA-2021-1c170a7c7c
- FEDORA-2021-1c170a7c7c
- FEDORA-2021-d56567bdab
- FEDORA-2021-d56567bdab
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://www.openwall.com/lists/oss-security/2020/11/01/1
- https://www.openwall.com/lists/oss-security/2020/11/01/1
Modified: 2024-11-21
CVE-2020-25671
A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.
- [oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket
- [oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- FEDORA-2021-21360476b6
- FEDORA-2021-21360476b6
- FEDORA-2021-1c170a7c7c
- FEDORA-2021-1c170a7c7c
- FEDORA-2021-d56567bdab
- FEDORA-2021-d56567bdab
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://www.openwall.com/lists/oss-security/2020/11/01/1
- https://www.openwall.com/lists/oss-security/2020/11/01/1
Modified: 2024-11-21
CVE-2020-25672
A memory leak vulnerability was found in Linux kernel in llcp_sock_connect
- [oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket
- [oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- FEDORA-2021-21360476b6
- FEDORA-2021-21360476b6
- FEDORA-2021-1c170a7c7c
- FEDORA-2021-1c170a7c7c
- FEDORA-2021-d56567bdab
- FEDORA-2021-d56567bdab
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://www.openwall.com/lists/oss-security/2020/11/01/1
- https://www.openwall.com/lists/oss-security/2020/11/01/1
Modified: 2024-11-21
CVE-2021-22555
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
- http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.html
- http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.html
- http://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSN-0080-1.html
- http://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSN-0080-1.html
- http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html
- http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html
- http://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-Bounds-Write-Privilege-Escalation.html
- http://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-Bounds-Write-Privilege-Escalation.html
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d
- https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528
- https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528
- https://security.netapp.com/advisory/ntap-20210805-0010/
- https://security.netapp.com/advisory/ntap-20210805-0010/
Modified: 2024-11-21
CVE-2021-23133
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.
- [oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets
- [oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets
- [oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets
- [oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets
- [oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets
- [oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets
- [oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets
- [oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- FEDORA-2021-e6b4847979
- FEDORA-2021-e6b4847979
- FEDORA-2021-8cd093f639
- FEDORA-2021-8cd093f639
- FEDORA-2021-a963f04012
- FEDORA-2021-a963f04012
- https://security.netapp.com/advisory/ntap-20210611-0008/
- https://security.netapp.com/advisory/ntap-20210611-0008/
- https://www.openwall.com/lists/oss-security/2021/04/18/2
- https://www.openwall.com/lists/oss-security/2021/04/18/2
Package alterator-vm updated to version 0.4.22-alt1 for branch p9 in task 270484.
Closed bugs
В интерфейсе установщика меняется порядок при создании шифрованного раздела
Package branding-simply-linux updated to version 9.1-alt2 for branch p9 in task 270720.
Closed bugs
Файловые конфликты с пакетом branding-alt-workstation-mate-settings