ALT-BU-2022-4996-1
Branch sisyphus update bulletin.
Closed bugs
unable to run command /usr/lib/pacemaker/pacemaker-schedulerd metadata: No such file or directory
Package kernel-image-un-def updated to version 5.17.9-alt1 for branch sisyphus in task 300156.
Closed vulnerabilities
BDU:2022-03921
Уязвимость ядра операционной системы Linux, связанная с недостаточной энтропией, позволяющая нарушителю идентифицировать клиентов
Modified: 2024-11-21
CVE-2022-32296
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.
- https://arxiv.org/abs/2209.12993
- https://arxiv.org/abs/2209.12993
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5
- https://github.com/0xkol/rfc6056-device-tracker
- https://github.com/0xkol/rfc6056-device-tracker
- [debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update
- [debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update
- DSA-5173
- DSA-5173
Package kernel-image-std-def updated to version 5.15.41-alt1 for branch sisyphus in task 300160.
Closed vulnerabilities
BDU:2022-02112
Уязвимость реализации функции xs_xprt_free() системы удаленного вызова процедур Sun RPC (Open Network Computing Remote Procedure Call) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-28893
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
- [oss-security] 20220411 CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem
- [oss-security] 20220411 CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem
- [oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem
- [oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem
- [oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem
- [oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a
- https://security.netapp.com/advisory/ntap-20220526-0002/
- https://security.netapp.com/advisory/ntap-20220526-0002/
- DSA-5161
- DSA-5161
Package xfce4-settings updated to version 4.16.2-alt4 for branch sisyphus in task 300192.
Closed bugs
Редактируемые комбинации клавиш не работают