ALT-BU-2023-3021-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-11721
load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service.
Modified: 2024-11-21
CVE-2020-19668
Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6.
Modified: 2024-11-21
CVE-2021-40656
libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867.
Closed bugs
Добавить пакету glmark2-es2 зависимость на libGLES
Package kernel-image-un-def updated to version 6.2.9-alt1 for branch sisyphus in task 317792.
Closed vulnerabilities
BDU:2023-01778
Уязвимость функции hci_init_stage_sync() (net/bluetooth/hci_sync.c) ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2023-02090
Уязвимость функции da9150_charger_remove() драйвера drivers/power/supply/da9150-charger.c ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании.
BDU:2023-02800
Уязвимость драйвера сетевого устройства Qualcomm ядра операционной системы Linux в функции emac_remove(), позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации.
BDU:2023-02801
Уязвимость функции bq24190_remove() в модуле drivers/power/supply/bq24190_charger.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании.
Modified: 2024-11-21
CVE-2023-28866
In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.
- https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=95084403f8c070ccf5d7cbe72352519c1798a40a
- https://lore.kernel.org/lkml/20230321015018.1759683-1-iam%40sung-woo.kim/
- https://patchwork.kernel.org/project/bluetooth/patch/20230322232543.3079578-1-luiz.dentz%40gmail.com
- https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=95084403f8c070ccf5d7cbe72352519c1798a40a
- https://patchwork.kernel.org/project/bluetooth/patch/20230322232543.3079578-1-luiz.dentz%40gmail.com
- https://lore.kernel.org/lkml/20230321015018.1759683-1-iam%40sung-woo.kim/
Modified: 2024-11-21
CVE-2023-30772
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.
- https://bugzilla.suse.com/show_bug.cgi?id=1210329
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06615d11cc78162dfd5116efb71f29eb29502d37
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- https://bugzilla.suse.com/show_bug.cgi?id=1210329
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06615d11cc78162dfd5116efb71f29eb29502d37
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9
Modified: 2024-11-21
CVE-2023-33203
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.
- https://bugzilla.redhat.com/show_bug.cgi?id=2192667
- https://bugzilla.suse.com/show_bug.cgi?id=1210685
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6b6bc5b8bd2d4ca9e1efa9ae0f98a0b0687ace75
- https://bugzilla.redhat.com/show_bug.cgi?id=2192667
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6b6bc5b8bd2d4ca9e1efa9ae0f98a0b0687ace75
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9
- https://bugzilla.suse.com/show_bug.cgi?id=1210685
Modified: 2025-03-18
CVE-2023-33288
An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition.
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=47c29d69212911f50bdcdd0564b5999a559010d4
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=47c29d69212911f50bdcdd0564b5999a559010d4
- https://github.com/torvalds/linux/commit/47c29d69212911f50bdcdd0564b5999a559010d4
- https://github.com/torvalds/linux/commit/47c29d69212911f50bdcdd0564b5999a559010d4
- https://lore.kernel.org/all/CAHk-=whcaHLNpb7Mu_QX7ABwPgyRyfW-V8=v4Mv0S22fpjY4JQ%40mail.gmail.com/
- https://lore.kernel.org/all/CAHk-=whcaHLNpb7Mu_QX7ABwPgyRyfW-V8=v4Mv0S22fpjY4JQ%40mail.gmail.com/
- https://lore.kernel.org/lkml/20230309174728.233732-1-zyytlz.wz%40163.com/
- https://lore.kernel.org/lkml/20230309174728.233732-1-zyytlz.wz%40163.com/
Package kernel-image-std-def updated to version 5.15.105-alt1 for branch sisyphus in task 317793.
Closed vulnerabilities
BDU:2022-07339
Уязвимость драйвера файловой системы NFS ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-4379
A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- FEDORA-2023-3fd7349f60
- FEDORA-2023-3fd7349f60
- FEDORA-2023-f4f9182dc8
- FEDORA-2023-f4f9182dc8
- https://seclists.org/oss-sec/2022/q4/185
- https://seclists.org/oss-sec/2022/q4/185
- https://security.netapp.com/advisory/ntap-20230223-0004/