ALT Linux Team

Branch p10 update on 2022-07-15

2022-07-15

ALT-BU-2022-5477-1

Branch p10 update bulletin.

ALT-PU-2022-2243-1

Package nginx updated to version 1.22.0-alt1 for branch p10 in task 303520.

Closed vulnerabilities

Published: 2022-03-23
Modified: 2024-11-21

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

Severity: HIGH (7.4) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
References:

ALT-PU-2022-2245-1

Package docs-alt-kworkstation updated to version 10.1-alt2 for branch p10 in task 303630.

Closed bugs

Bug #43143

Опечатка в примечании о создании подтомов в документации для Workstation K 10.1

Bug #43144

Ошибка в примечании о установке загрузчика в документации для Workstation K 10.1

Bug #43151

Некорректный синтаксис команды для установки пакетов для работы сканеров в документации для Workstation K 10.1

ALT-PU-2022-2248-1

Package kernel-image-un-def updated to version 5.15.54-alt1 for branch p10 in task 303585.

Closed vulnerabilities

Published: 2022-07-03

BDU:2022-04733

Уязвимость функция nft_set_elem_init файла net/netfilter/nf_tables_api.c компонента User Namespace Handler ядра операционной системы Linux, позволяющая нарушителю получить root доступ

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-07-05
Modified: 2024-11-21

CVE-2022-34918

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2022-2249-1

Package make-initrd updated to version 2.27.1-alt1 for branch p10 in task 303324.

Closed bugs

Bug #42322

make-initrd failure with custom kernel

Bug #42987

Не работает пропись в /etc/luks.keys файла с паролем от LUKS раздела.

Bug #43056

Добавить в luks поддержку /etc/crypttab

ALT-PU-2022-2250-1

Package kernel-image-std-def updated to version 5.10.130-alt1 for branch p10 in task 303586.

Closed vulnerabilities

Published: 2022-07-03

BDU:2022-04733

Уязвимость функция nft_set_elem_init файла net/netfilter/nf_tables_api.c компонента User Namespace Handler ядра операционной системы Linux, позволяющая нарушителю получить root доступ

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-07-05
Modified: 2024-11-21

CVE-2022-34918

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.1
Back to top