ALT-BU-2023-2411-1
Branch sisyphus update bulletin.
Closed bugs
Не хватает зависимости на python3-module-tkinters у bCNC
Package kernel-image-rt updated to version 5.10.165-alt1.rt81 for branch sisyphus in task 314386.
Closed vulnerabilities
BDU:2022-07336
Уязвимость функции __do_proc_dointvec ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
BDU:2023-00361
Уязвимость функций gru_set_context_option(), gru_fault() и gru_handle_user_call_os() драйвера SGI GRU ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
BDU:2023-01200
Уязвимость реализации протокола Upper Level Protocol (ULP) ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии, выполнить произвольный код или вызвать отказ в обслуживании
Modified: 2025-03-07
CVE-2022-3424
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
- https://bugzilla.redhat.com/show_bug.cgi?id=2132640
- https://bugzilla.redhat.com/show_bug.cgi?id=2132640
- https://github.com/torvalds/linux/commit/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
- https://github.com/torvalds/linux/commit/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
- [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update
- [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- https://lore.kernel.org/all/20221019031445.901570-1-zyytlz.wz%40163.com/
- https://lore.kernel.org/all/20221019031445.901570-1-zyytlz.wz%40163.com/
- https://security.netapp.com/advisory/ntap-20230406-0005/
- https://security.netapp.com/advisory/ntap-20230406-0005/
- https://www.spinics.net/lists/kernel/msg4518970.html
- https://www.spinics.net/lists/kernel/msg4518970.html
Modified: 2024-11-21
CVE-2022-4378
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
- http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html
- http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2152548
- https://bugzilla.redhat.com/show_bug.cgi?id=2152548
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch
- https://seclists.org/oss-sec/2022/q4/178
- https://seclists.org/oss-sec/2022/q4/178
Modified: 2024-11-21
CVE-2023-0461
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2c02d41d71f90a5168391b6a5f2954112ba2307c
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2c02d41d71f90a5168391b6a5f2954112ba2307c
- https://kernel.dance/#2c02d41d71f90a5168391b6a5f2954112ba2307c
- https://kernel.dance/#2c02d41d71f90a5168391b6a5f2954112ba2307c
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://security.netapp.com/advisory/ntap-20230331-0006/
Package firefox-ublock_origin updated to version 1.46.0-alt1 for branch sisyphus in task 314404.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-32308
Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process.
Closed bugs
В cinnamon не входит cinnamon-control-center
Closed bugs
bCNC вылетает при запуске на Kworkstation
Closed bugs
wrong name for the package
Closed bugs
IPTV плеер hypnotix