ALT-BU-2023-4940-1
Branch sisyphus update bulletin.
Package kernel-modules-virtualbox-addition-un-def updated to version 7.0.10-alt1.394249.1 for branch sisyphus in task 327142.
Closed vulnerabilities
BDU:2023-03898
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-03925
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код или получить полный контроль над приложением
BDU:2023-04240
Уязвимость ядра виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-22016
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22017
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22018
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Package kernel-modules-virtualbox-un-def updated to version 7.0.10-alt1.394249.1 for branch sisyphus in task 327142.
Closed vulnerabilities
BDU:2023-03898
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-03925
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код или получить полный контроль над приложением
BDU:2023-04240
Уязвимость ядра виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-22016
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22017
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22018
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Package kernel-modules-virtualbox-std-def updated to version 7.0.10-alt1.393517.1 for branch sisyphus in task 327142.
Closed vulnerabilities
BDU:2023-03898
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-03925
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код или получить полный контроль над приложением
BDU:2023-04240
Уязвимость ядра виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-22016
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22017
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22018
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Package kernel-modules-virtualbox-addition-std-def updated to version 7.0.10-alt1.393517.1 for branch sisyphus in task 327142.
Closed vulnerabilities
BDU:2023-03898
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-03925
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код или получить полный контроль над приложением
BDU:2023-04240
Уязвимость ядра виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-22016
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22017
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22018
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Package virtualbox updated to version 7.0.10-alt1 for branch sisyphus in task 327142.
Closed vulnerabilities
BDU:2023-03898
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-03925
Уязвимость компонента Core виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю выполнить произвольный код или получить полный контроль над приложением
BDU:2023-04240
Уязвимость ядра виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-22016
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22017
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2023-22018
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Package openssl-gost-engine updated to version 3.0.2-alt1 for branch sisyphus in task 327158.
Closed bugs
control openssl-gost disabled не удаляет пустую строку в конфиге
Package kernel-image-centos updated to version 5.14.0.354-alt1.el9 for branch sisyphus in task 327173.
Closed vulnerabilities
BDU:2023-03642
Уязвимость реализации протокола IPv6 ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-1206
A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.
- https://bugzilla.redhat.com/show_bug.cgi?id=2175903
- https://bugzilla.redhat.com/show_bug.cgi?id=2175903
- [debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update
- [debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update
- [debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update
- [debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update
- https://security.netapp.com/advisory/ntap-20230929-0006/
- https://security.netapp.com/advisory/ntap-20230929-0006/
- DSA-5480
- DSA-5480
- DSA-5492
- DSA-5492
Package kernel-image-un-def updated to version 6.4.10-alt1 for branch sisyphus in task 326930.
Closed bugs
Поддержка AMD P-State