ALT-BU-2022-4031-1
Branch sisyphus update bulletin.
Package kernel-image-centos updated to version 5.14.0.60-alt1.el9 for branch sisyphus in task 295404.
Closed vulnerabilities
BDU:2022-00095
Уязвимость реализации функций close() и fget() ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Modified: 2024-11-21
CVE-2021-4083
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.
- https://bugzilla.redhat.com/show_bug.cgi?id=2029923
- https://bugzilla.redhat.com/show_bug.cgi?id=2029923
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=054aa8d439b9
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=054aa8d439b9
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- https://security.netapp.com/advisory/ntap-20220217-0005/
- https://security.netapp.com/advisory/ntap-20220217-0005/
- DSA-5096
- DSA-5096
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Closed vulnerabilities
BDU:2022-05761
Уязвимость команды shell командной оболочки для интерактивных вычислений IPython, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-21699
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.
- https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668
- https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668
- https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
- https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
- https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
- https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
- [debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update
- [debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update
- FEDORA-2022-b58d156ab0
- FEDORA-2022-b58d156ab0
- FEDORA-2022-b9e38f8a56
- FEDORA-2022-b9e38f8a56
Package xorg-cf-files updated to version 1.0.7-alt1 for branch sisyphus in task 295412.
Closed bugs
xmkmf формирует неверный AR = ar clq