ALT-BU-2023-6576-1
Branch sisyphus update bulletin.
Closed bugs
Просьба обновить до 5 версии
Package lego-mindstorms-udev-rules updated to version 0.0.3-alt1 for branch sisyphus in task 332494.
Closed bugs
На части устройств правило udev не срабатывает
Closed bugs
Требуется зависимость mlt7 для flowblade
Package transmission updated to version 4.0.4-alt2 for branch sisyphus in task 332497.
Closed bugs
Сервис transmission-daemon имеет статус failed
Closed vulnerabilities
BDU:2023-03856
Уязвимость функции spider_db_mbase::print_warnings() СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-04-03
CVE-2022-47015
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
- https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954
- https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954
- [debian-lts-announce] 20230604 [SECURITY] [DLA 3444-1] mariadb-10.3 security update
- [debian-lts-announce] 20230604 [SECURITY] [DLA 3444-1] mariadb-10.3 security update
- FEDORA-2023-381f23a0ae
- FEDORA-2023-381f23a0ae
- FEDORA-2023-b4ff407364
- FEDORA-2023-b4ff407364
- https://security.netapp.com/advisory/ntap-20230309-0009/
- https://security.netapp.com/advisory/ntap-20230309-0009/
Closed bugs
Обновление исходников до версии 10.9.6
Package kernel-image-centos updated to version 5.14.0.378-alt1.el9 for branch sisyphus in task 332503.
Closed vulnerabilities
BDU:2023-02527
Уязвимость функции can_rcv_filter() в модуле net/can/af_can.c ядра операционной системы Linux в функции can_rcv_filter(), позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-05963
Уязвимость функции kmalloc_reserve() в модуле net/core/skbuff.c сетевой подсистемы ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-02-05
CVE-2023-2166
A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.
Modified: 2024-11-21
CVE-2023-42752
An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers.
- http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
- http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
- https://access.redhat.com/security/cve/CVE-2023-42752
- https://access.redhat.com/security/cve/CVE-2023-42752
- RHBZ#2239828
- RHBZ#2239828
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=915d975b2ffa
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=915d975b2ffa
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c3b704d4a4a2
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c3b704d4a4a2
Closed bugs
В пакет не упакован сервис unfs3.service