ALT-BU-2023-8396-1
Branch sisyphus update bulletin.
Package krb5-ticket-watcher updated to version 1.0.3-alt23 for branch sisyphus in task 337448.
Closed bugs
Отключить уведомления "Билет обновлён"
Package kernel-image-rt updated to version 6.1.69-alt1.rt21 for branch sisyphus in task 337451.
Closed vulnerabilities
BDU:2023-08958
Уязвимость функции nft_pipapo_walk() в модуле net/netfilter/nft_set_pipapo.c подсистемы Netfilter ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации и повысить свои привилегии в системе
Modified: 2025-02-13
CVE-2023-6817
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.
- http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html
- http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html
- http://www.openwall.com/lists/oss-security/2023/12/22/13
- http://www.openwall.com/lists/oss-security/2023/12/22/13
- http://www.openwall.com/lists/oss-security/2023/12/22/6
- http://www.openwall.com/lists/oss-security/2023/12/22/6
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a
- https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a
- https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a
- https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
- https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
Closed bugs
Ошибка при попытке открыть "бутылку"
Package kernel-image-centos updated to version 5.14.0.399-alt2.el9 for branch sisyphus in task 337486.
Closed vulnerabilities
BDU:2023-00359
Уязвимость драйвера drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
BDU:2023-00629
Уязвимость функции sl_tx_timeout() в модуле drivers/net/slip.c драйвера SLIP ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-01801
Уязвимость функции hci_conn_hash_flush() в модуле net/bluetooth/hci_conn.c операционной системы Linux, позволяющая нарушителю повысить свои привилегии
BDU:2023-03958
Уязвимость функции set_con2fb_map() в модуле drivers/video/fbdev/core/fbcon.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-05481
Уязвимость компонента nf_tables операционной системы Linux, позволяющая нарушителю повысить свои привилегии
BDU:2023-06159
Уязвимость функции __ip_set_put_netlink() в модуле net/netfilter/ipset/ip_set_core.c компонента netfilter ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-06347
Уязвимость функции smb3_fs_context_parse_param() компонента fs/smb/client ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
BDU:2023-08129
Уязвимость функции scatterwalk_copychunks() в модуле net/tls/tls_sw.c криптографической подсистемы ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Modified: 2024-11-21
CVE-2022-3545
A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.
- https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a
- https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a
- [debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update
- [debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- https://security.netapp.com/advisory/ntap-20221223-0003/
- https://security.netapp.com/advisory/ntap-20221223-0003/
- https://vuldb.com/?id.211045
- https://vuldb.com/?id.211045
- DSA-5324
- DSA-5324
Modified: 2024-11-21
CVE-2022-41858
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
Modified: 2024-11-21
CVE-2023-28464
hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
- https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/
- https://security.netapp.com/advisory/ntap-20230517-0004/
- https://www.openwall.com/lists/oss-security/2023/03/28/2
- https://www.openwall.com/lists/oss-security/2023/03/28/3
- https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/
- https://www.openwall.com/lists/oss-security/2023/03/28/3
- https://www.openwall.com/lists/oss-security/2023/03/28/2
- https://security.netapp.com/advisory/ntap-20230517-0004/
Modified: 2024-11-21
CVE-2023-38409
An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.12
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.12
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=fffb0b52d5258554c645c966c6cbef7de50b851d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=fffb0b52d5258554c645c966c6cbef7de50b851d
Modified: 2025-02-13
CVE-2023-4244
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e91b0ebd994635df2346353322ac51ce84ce6d8
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e91b0ebd994635df2346353322ac51ce84ce6d8
- https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8
- https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
- https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
- https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
Modified: 2024-11-21
CVE-2023-42756
A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.
- RHSA-2024:2394
- RHSA-2024:2394
- https://access.redhat.com/security/cve/CVE-2023-42756
- https://access.redhat.com/security/cve/CVE-2023-42756
- RHBZ#2239848
- RHBZ#2239848
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/
- https://seclists.org/oss-sec/2023/q3/242
- https://seclists.org/oss-sec/2023/q3/242
Modified: 2025-03-20
CVE-2023-5345
A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.
- http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html
- http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6e43b8aa7cd3c3af686caf0c2e11819a886d705
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6e43b8aa7cd3c3af686caf0c2e11819a886d705
- https://kernel.dance/e6e43b8aa7cd3c3af686caf0c2e11819a886d705
- https://kernel.dance/e6e43b8aa7cd3c3af686caf0c2e11819a886d705
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/
Modified: 2024-11-21
CVE-2023-6176
A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.
- http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html
- RHSA-2024:2394
- RHSA-2024:2394
- RHSA-2024:2950
- RHSA-2024:2950
- RHSA-2024:3138
- RHSA-2024:3138
- https://access.redhat.com/security/cve/CVE-2023-6176
- https://access.redhat.com/security/cve/CVE-2023-6176
- RHBZ#2219359
- RHBZ#2219359
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cfaa80c91f6f99b9342b6557f0f0e1143e434066
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cfaa80c91f6f99b9342b6557f0f0e1143e434066