ALT-BU-2023-3067-1
Branch sisyphus update bulletin.
Package admx-basealt updated to version 0.1.12.4-alt1 for branch sisyphus in task 317951.
Closed bugs
Опечатка в описании политики Группы для контроля доступа к серверу OpenSSH
Closed vulnerabilities
BDU:2023-03407
Уязвимость функции heif::Fraction::round() в box.cc декодера форматов файлов HEIF и AVIF libheif, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-01-29
CVE-2023-29659
A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.
Closed bugs
eagle не запускается после установки
epm play icq: Failed to find Requires
epm play liteide: cannot find go in PATH
epm full-upgrade: ошибка обновления snap-пакетов в тех случаях, когда snapd ранее не использовался
Package kernel-image-centos updated to version 5.14.0.295-alt1.el9 for branch sisyphus in task 317946.
Closed vulnerabilities
BDU:2022-07509
Уязвимость подсистемы виртуализации Kernel-based Virtual Machine (KVM) ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ и повысить свои привилегии
BDU:2023-00945
Уязвимость драйвера Bluetooth ядра операционной системы Linux, позволяющая нарушителю получить доступ к защищаемой информации
BDU:2023-01797
Уязвимость функции tun_free_netdev() виртуальных сетевых драйверов TUN/TAP ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Modified: 2025-02-13
CVE-2022-2196
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
- https://kernel.dance/#2e7eab81425a
- https://kernel.dance/#2e7eab81425a
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://security.netapp.com/advisory/ntap-20230223-0002/
Modified: 2024-11-21
CVE-2022-42895
There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url
Modified: 2025-02-14
CVE-2022-4744
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.
- http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html
- http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- https://security.netapp.com/advisory/ntap-20230526-0009/
- https://security.netapp.com/advisory/ntap-20230526-0009/