ALT-BU-2021-4073-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-38597
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.
Closed vulnerabilities
BDU:2022-01849
Уязвимость диссектора DNP анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-22235
Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22235.json
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22235.json
- https://gitlab.com/wireshark/wireshark/-/issues/17462
- https://gitlab.com/wireshark/wireshark/-/issues/17462
- [debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update
- [debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update
- GLSA-202210-04
- GLSA-202210-04
- DSA-5019
- DSA-5019
- https://www.wireshark.org/security/wnpa-sec-2021-05.html
- https://www.wireshark.org/security/wnpa-sec-2021-05.html
Closed vulnerabilities
BDU:2022-02805
Уязвимость компонента Server: FTS системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или аварийное завершение
Modified: 2024-11-21
CVE-2022-21427
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- [debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update
- [debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update
- https://security.netapp.com/advisory/ntap-20220429-0005/
- https://security.netapp.com/advisory/ntap-20220429-0005/
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Package kernel-image-std-kvm updated to version 5.10.53-alt1 for branch sisyphus in task 280807.
Closed vulnerabilities
BDU:2021-03848
Уязвимость компонента fs/seq_file.c ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии
BDU:2021-03938
Уязвимость компонента kernel/module.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2022-05676
Уязвимость функции cgroup1_parse_param компонента kernel/cgroup/cgroup-v1.c ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2023-01796
Уязвимость функции seq_buf_putmem_hex() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании.
Modified: 2024-11-21
CVE-2021-33909
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
- http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html
- http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html
- http://packetstormsecurity.com/files/163671/Kernel-Live-Patch-Security-Notice-LSN-0079-1.html
- http://packetstormsecurity.com/files/163671/Kernel-Live-Patch-Security-Notice-LSN-0079-1.html
- http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html
- http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
- [oss-security] 20210722 Re: CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer
- [oss-security] 20210722 Re: CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer
- [oss-security] 20210825 Re: CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer
- [oss-security] 20210825 Re: CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer
- [oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
- https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
- https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2713-1] linux security update
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2713-1] linux security update
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2714-1] linux-4.19 security update
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2714-1] linux-4.19 security update
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2713-2] linux security update
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2713-2] linux security update
- FEDORA-2021-07dc0b3eb1
- FEDORA-2021-07dc0b3eb1
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015
- https://security.netapp.com/advisory/ntap-20210819-0004/
- https://security.netapp.com/advisory/ntap-20210819-0004/
- DSA-4941
- DSA-4941
- https://www.openwall.com/lists/oss-security/2021/07/20/1
- https://www.openwall.com/lists/oss-security/2021/07/20/1
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
Modified: 2024-11-21
CVE-2021-35039
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.
- [oss-security] 20210706 CVE-2021-35039: Linux kernel loading unsigned kernel modules via init_module syscall
- [oss-security] 20210706 CVE-2021-35039: Linux kernel loading unsigned kernel modules via init_module syscall
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.14
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.14
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0c18f29aae7ce3dadd26d8ee3505d07cc982df75
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0c18f29aae7ce3dadd26d8ee3505d07cc982df75
- https://github.com/torvalds/linux/commit/0c18f29aae7ce3dadd26d8ee3505d07cc982df75
- https://github.com/torvalds/linux/commit/0c18f29aae7ce3dadd26d8ee3505d07cc982df75
- [debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update
- [debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update
- https://security.netapp.com/advisory/ntap-20210813-0004/
- https://security.netapp.com/advisory/ntap-20210813-0004/
- https://www.openwall.com/lists/oss-security/2021/07/06/3
- https://www.openwall.com/lists/oss-security/2021/07/06/3
Modified: 2024-11-21
CVE-2021-4154
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
- https://bugzilla.redhat.com/show_bug.cgi?id=2034514
- https://bugzilla.redhat.com/show_bug.cgi?id=2034514
- https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002
- https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b
- https://security.netapp.com/advisory/ntap-20220225-0004/
- https://security.netapp.com/advisory/ntap-20220225-0004/
Modified: 2024-11-21
CVE-2023-28772
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
- https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7
- https://lkml.kernel.org/r/20210626032156.47889-1-yun.zhou%40windriver.com
- https://lore.kernel.org/lkml/20210625122453.5e2fe304%40oasis.local.home/
- https://security.netapp.com/advisory/ntap-20230427-0005/
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
- https://security.netapp.com/advisory/ntap-20230427-0005/
- https://lore.kernel.org/lkml/20210625122453.5e2fe304%40oasis.local.home/
- https://lkml.kernel.org/r/20210626032156.47889-1-yun.zhou%40windriver.com
- https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7
Closed bugs
distcc-server: не запускает ни один компилятор
distccd требует дополнительной конфигурации после установки/удаления компиляторов
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-40330
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
- https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473
- https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473
- https://github.com/git/git/compare/v2.30.0...v2.30.1
- https://github.com/git/git/compare/v2.30.0...v2.30.1
- [debian-lts-announce] 20221010 [SECURITY] [DLA 3145-1] git security update
- [debian-lts-announce] 20221010 [SECURITY] [DLA 3145-1] git security update
Closed vulnerabilities
BDU:2021-04606
Уязвимость компонента imap/util.c почтовых клиентов Mutt и NeoMutt, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-32055
Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.
- http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html
- http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html
- https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc
- https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc
- https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5
- https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5
- GLSA-202105-05
- GLSA-202105-05
Closed bugs
linuxcnc 2.8.2 имеет ветку gtk3 с поддержкой python3