ALT-BU-2023-2539-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2023-00648
Уязвимость компонента Core веб-браузера Google Chrome, позволяющая нарушителю повысить свои привилегии
BDU:2023-00649
Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2023-00650
Уязвимость компонента Data Transfer веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2023-00651
Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
BDU:2023-00652
Уязвимость пользовательского интерфейса WebUI браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2023-00653
Уязвимость загрузчика веб-браузера Google Chrome, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальной информации
BDU:2023-00654
Уязвимость графического процессора GPU браузеров Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-00754
Уязвимость обработчика JavaScript-сценариев V8 веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2023-00929
Уязвимость реализации технологии WebRTC браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2023-00930
Уязвимость реализации полноэкранного режима (Full Screen Mode) браузера Google Chrome, позволяющая нарушителю изменить содержимое пользовательского интерфейса
Modified: 2024-11-21
CVE-2023-0696
Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2023-0697
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2023-0698
Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1403573
- https://crbug.com/1403573
- GLSA-202309-17
- GLSA-202309-17
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1693
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1693
Modified: 2024-11-21
CVE-2023-0699
Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)
Modified: 2025-03-21
CVE-2023-0700
Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0701
Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0702
Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0703
Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)
Modified: 2025-03-21
CVE-2023-0704
Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)
Modified: 2024-11-21
CVE-2023-0705
Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Closed bugs
Поиск через yandex по умолчанию
Package kernel-image-centos updated to version 5.14.0.265-alt1.el9 for branch sisyphus in task 315074.
Closed vulnerabilities
BDU:2022-06272
Уязвимость функции cfg80211_update_notlisted_nontrans файла net/wireless/scan.c ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код
BDU:2022-06273
Уязвимость функционала подсчета ссылок в режиме BSS (Basic Service Set) ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код
BDU:2022-06548
Уязвимость функции l2cap_recv_acldata() (net/bluetooth/l2cap_core.c) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-07350
Уязвимость функционала подсчета ссылок в режиме BSS (Basic Service Set) ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код
BDU:2022-07351
Уязвимость ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-00718
Уязвимость подсистемы Traffic Control Subsystem ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2023-11-07
CVE-2022-3522
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Modified: 2024-11-21
CVE-2022-3619
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability.
- https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=97097c85c088e11651146da32a4e1cdb9dfa6193
- https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=97097c85c088e11651146da32a4e1cdb9dfa6193
- https://vuldb.com/?id.211918
- https://vuldb.com/?id.211918
Modified: 2024-11-21
CVE-2022-41674
An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.
- http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html
- http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html
- http://www.openwall.com/lists/oss-security/2022/10/13/2
- http://www.openwall.com/lists/oss-security/2022/10/13/2
- https://bugzilla.suse.com/show_bug.cgi?id=1203770
- https://bugzilla.suse.com/show_bug.cgi?id=1203770
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/net/mac80211/scan.c
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/net/mac80211/scan.c
- https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d
- https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d
- [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
- [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
- FEDORA-2022-2cfbe17910
- FEDORA-2022-2cfbe17910
- FEDORA-2022-1a5b125ac6
- FEDORA-2022-1a5b125ac6
- FEDORA-2022-b948fc3cfb
- FEDORA-2022-b948fc3cfb
- DSA-5257
- DSA-5257
- https://www.openwall.com/lists/oss-security/2022/10/13/5
- https://www.openwall.com/lists/oss-security/2022/10/13/5
Modified: 2024-11-21
CVE-2022-4269
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
- https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti%40redhat.com/
- https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti%40redhat.com/
- https://security.netapp.com/advisory/ntap-20230929-0001/
- https://security.netapp.com/advisory/ntap-20230929-0001/
- https://www.debian.org/security/2023/dsa-5480
- https://www.debian.org/security/2023/dsa-5480
Modified: 2024-11-21
CVE-2022-42720
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.
- http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html
- http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html
- http://www.openwall.com/lists/oss-security/2022/10/13/5
- http://www.openwall.com/lists/oss-security/2022/10/13/5
- https://bugzilla.suse.com/show_bug.cgi?id=1204059
- https://bugzilla.suse.com/show_bug.cgi?id=1204059
- https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f
- https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f
- [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
- [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
- FEDORA-2022-2cfbe17910
- FEDORA-2022-2cfbe17910
- FEDORA-2022-1a5b125ac6
- FEDORA-2022-1a5b125ac6
- FEDORA-2022-b948fc3cfb
- FEDORA-2022-b948fc3cfb
- https://security.netapp.com/advisory/ntap-20230203-0008/
- https://security.netapp.com/advisory/ntap-20230203-0008/
- DSA-5257
- DSA-5257
Modified: 2024-11-21
CVE-2022-42721
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
- http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html
- http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html
- http://www.openwall.com/lists/oss-security/2022/10/13/5
- http://www.openwall.com/lists/oss-security/2022/10/13/5
- https://bugzilla.suse.com/show_bug.cgi?id=1204060
- https://bugzilla.suse.com/show_bug.cgi?id=1204060
- https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f
- https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f
- [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
- [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
- FEDORA-2022-2cfbe17910
- FEDORA-2022-2cfbe17910
- FEDORA-2022-1a5b125ac6
- FEDORA-2022-1a5b125ac6
- FEDORA-2022-b948fc3cfb
- FEDORA-2022-b948fc3cfb
- https://security.netapp.com/advisory/ntap-20230203-0008/
- https://security.netapp.com/advisory/ntap-20230203-0008/
- DSA-5257
- DSA-5257
Modified: 2024-11-21
CVE-2022-42722
In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.
- http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html
- http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html
- http://www.openwall.com/lists/oss-security/2022/10/13/5
- http://www.openwall.com/lists/oss-security/2022/10/13/5
- https://bugzilla.suse.com/show_bug.cgi?id=1204125
- https://bugzilla.suse.com/show_bug.cgi?id=1204125
- https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=b2d03cabe2b2e150ff5a381731ea0355459be09f
- https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=b2d03cabe2b2e150ff5a381731ea0355459be09f
- [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
- [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
- FEDORA-2022-2cfbe17910
- FEDORA-2022-2cfbe17910
- FEDORA-2022-1a5b125ac6
- FEDORA-2022-1a5b125ac6
- FEDORA-2022-b948fc3cfb
- FEDORA-2022-b948fc3cfb
- https://security.netapp.com/advisory/ntap-20230203-0008/
- https://security.netapp.com/advisory/ntap-20230203-0008/
- DSA-5257
- DSA-5257
Closed bugs
Собрать nextcloud с php8.0 или php8.1 вместо php7
Package raspberrypi-firmware updated to version 20221214-alt3 for branch sisyphus in task 315182.
Closed bugs
raspberrypi-firmware: noarch пакет