ALT-BU-2024-3438-1
Branch sisyphus update bulletin.
Package kernel-image-mp updated to version 6.7.8-alt1 for branch sisyphus in task 341977.
Closed vulnerabilities
BDU:2024-01549
Уязвимость функции ubi_attach() драйвера UBI (Unsorted block images) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать иное воздействие
BDU:2024-01550
Уязвимость функции create_empty_lvol() драйвера UBI (Unsorted block images) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-03-25
CVE-2023-52429
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd504bcfec41a503b32054da5472904b404341a4
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd504bcfec41a503b32054da5472904b404341a4
- [debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update
- [debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update
- [debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update
- [debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update
- FEDORA-2024-987089eca2
- FEDORA-2024-987089eca2
- FEDORA-2024-88847bc77a
- FEDORA-2024-88847bc77a
- https://www.spinics.net/lists/dm-devel/msg56625.html
- https://www.spinics.net/lists/dm-devel/msg56625.html
Modified: 2025-03-14
CVE-2024-25739
create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9
- https://groups.google.com/g/syzkaller/c/Xl97YcQA4hg
- https://groups.google.com/g/syzkaller/c/Xl97YcQA4hg
- [debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update
- [debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update
- [debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update
- [debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update
- https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/mtd/ubi/vtbl.c?h=v6.6.24&id=d1b505c988b7
- https://www.spinics.net/lists/kernel/msg5074816.html
- https://www.spinics.net/lists/kernel/msg5074816.html
Modified: 2024-11-21
CVE-2024-25740
A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.
Package puppetserver updated to version 6.20.0-alt3 for branch sisyphus in task 341989.
Closed bugs
puppetserver.service: Standard output type syslog is obsolete
Package puppetserver updated to version 6.20.0-alt4 for branch sisyphus in task 341937.
Closed bugs
Не запускается puppetserver.service (Could not find 'locale' (~> 2.1))