Branch sisyphus update bulletin.

Package rpcbind updated to version 1.2.6-alt1.qa1 for branch sisyphus in task 294340.

rpcbind -h 127.0.0.1 aborts at startup due to a double free bug

Package wpa_supplicant updated to version 2.10-alt2 for branch sisyphus in task 294369.

Не работает wi-fi на ноутбуке после обновления wpa_supplicant до 2.10-alt1

Package kernel-image-un-def updated to version 5.16.4-alt1 for branch sisyphus in task 294351.

Published: 2021-12-10

BDU:2022-02325

Уязвимость функции gc_data_segment (fs/f2fs/gc.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

CVE-2021-44879

Published: 2021-10-20

BDU:2022-02677

Уязвимость функции в drivers/bluetooth/virtio_bt.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2022-26878

Published: 2022-01-06

BDU:2023-01210

Уязвимость функции dwc3_qcom_probe() (drivers/usb/dwc3/dwc3-qcom.c) драйвера Qualcomm USB 3.0 ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании.

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2023-22999

Published: 2022-01-10

BDU:2023-01212

Уязвимость функции ufs_mtk_init_va09_pwr_ctrl() (drivers/scsi/ufs/ufs-mediatek.c) драйвера UFS ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании.

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2023-23001

Published: 2022-01-06

BDU:2023-01217

Уязвимость драйвера drivers/bluetooth/hci_qca.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании.

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2023-23002

Published: 2022-02-14
Modified: 2024-11-21

CVE-2021-44879

In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2022-03-11
Modified: 2024-11-21

CVE-2022-26878

drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed).

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2023-03-01
Modified: 2025-03-20

CVE-2023-22999

In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2023-03-01
Modified: 2025-03-20

CVE-2023-23001

In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2023-03-01
Modified: 2025-03-20

CVE-2023-23002

In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Package cool-retro-term updated to version 1.2.0-alt1 for branch sisyphus in task 294380.

Ссылка на домашнюю страницу не работает.

Version: 2.1.0

Branch sisyphus update on 2022-01-31

ALT-BU-2022-3898-1

ALT-PU-2022-1168-1

Closed bugs

Bug #41830

ALT-PU-2022-1170-1

Closed bugs

Bug #41831

ALT-PU-2022-1171-1

Closed vulnerabilities

BDU:2022-02325

BDU:2022-02677

BDU:2023-01210

BDU:2023-01212

BDU:2023-01217

CVE-2021-44879

CVE-2022-26878

CVE-2023-22999

CVE-2023-23001

CVE-2023-23002

ALT-PU-2022-1172-1

Closed bugs

Bug #41687