Branch c10f1 update bulletin.

Package linux-pam updated to version 1.6.1-alt1 for branch c10f1 in task 357629.

Published: 2024-01-09

BDU:2024-00829

Уязвимость функции protect_dir (pam_namespace.so) модуля аутентификации Linux-PAM, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.3) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

References:

CVE-2024-22365

Published: 2024-02-06
Modified: 2024-11-21

CVE-2024-22365

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Package logrotate updated to version 3.20.1-alt2 for branch c10f1 in task 356705.

Published: 2022-05-25
Modified: 2024-11-21

CVE-2022-1348

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.0

Branch c10f1 update on 2024-09-20

ALT-BU-2024-12997-1

ALT-PU-2024-12808-3

Closed vulnerabilities

BDU:2024-00829

CVE-2024-22365

ALT-PU-2024-12867-2

Closed vulnerabilities

CVE-2022-1348