ALT-BU-2021-4174-1
Branch sisyphus update bulletin.
Closed bugs
pstree output cannot be redirected to a file
Package kernel-image-un-def updated to version 5.13.14-alt1 for branch sisyphus in task 284500.
Closed vulnerabilities
BDU:2021-04853
Уязвимость функции ext4_write_inline_data_end (fs/ext4/inline.c) ядра операционной системы Linux, позволяющая нарушителю оказать влияние на целостность, доступность и конфиденциальность данных
BDU:2021-05536
Уязвимость реализации функции check_map_func_compatibility() ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии
Modified: 2024-11-21
CVE-2021-34866
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689.
Modified: 2024-11-21
CVE-2021-40490
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=9e445093e523f3277081314c864f708fd4bd34aa
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=9e445093e523f3277081314c864f708fd4bd34aa
- [debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update
- [debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update
- [debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update
- [debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update
- FEDORA-2021-60f1d2eba1
- FEDORA-2021-60f1d2eba1
- FEDORA-2021-4ca1b080bb
- FEDORA-2021-4ca1b080bb
- https://security.netapp.com/advisory/ntap-20211004-0001/
- https://security.netapp.com/advisory/ntap-20211004-0001/
- DSA-4978
- DSA-4978
Package cyrus-imapd updated to version 3.2.8-alt1 for branch sisyphus in task 284607.
Closed vulnerabilities
BDU:2022-01804
Уязвимость почтового сервера Cyrus IMAP, связанная с использованием криптографических алгоритмов, содержащих дефекты, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-33582
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
- https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released
- https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released
- https://github.com/cyrusimap/cyrus-imapd/commits/master
- https://github.com/cyrusimap/cyrus-imapd/commits/master
- https://github.com/cyrusimap/cyrus-imapd/security/advisories
- https://github.com/cyrusimap/cyrus-imapd/security/advisories
- [debian-lts-announce] 20220619 [SECURITY] [DLA 3052-1] cyrus-imapd security update
- [debian-lts-announce] 20220619 [SECURITY] [DLA 3052-1] cyrus-imapd security update
- FEDORA-2022-d45bcc5447
- FEDORA-2022-d45bcc5447
- FEDORA-2022-c30b1a8aa3
- FEDORA-2022-c30b1a8aa3
- https://www.cyrusimap.org/imap/download/release-notes/index.html
- https://www.cyrusimap.org/imap/download/release-notes/index.html