ALT-PU-2017-2434-1
Package kernel-image-un-def updated to version 4.13.7-alt1 for branch sisyphus in task 190832.
Closed vulnerabilities
BDU:2018-00518
Vulnerability in the Linux operating system kernel (fs/userfaultfd.c) related to the use of memory after it has been freed, allowing an attacker to affect the confidentiality, integrity, and availability of protected information
BDU:2019-03748
Vulnerability in the implementation of the waitid function of the Linux operating system kernel, allowing an attacker to escalate their privileges
Modified: 2024-11-21
CVE-2017-15126
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put().
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=384632e67e0829deb8015ee6ad916b180049d252
- 102516
- RHSA-2018:0676
- RHSA-2018:1062
- https://access.redhat.com/security/cve/CVE-2017-15126
- https://bugzilla.redhat.com/show_bug.cgi?id=1523481
- https://github.com/torvalds/linux/commit/384632e67e0829deb8015ee6ad916b180049d252
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6
Modified: 2024-11-21
CVE-2017-15299
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.
- RHSA-2018:0654
- https://bugzilla.redhat.com/show_bug.cgi?id=1498016
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- https://marc.info/?t=150654188100001&r=1&w=2
- https://marc.info/?t=150783958600011&r=1&w=2
- USN-3798-1
- USN-3798-2
- https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1499828.html
Modified: 2024-11-21
CVE-2017-5123
Insufficient data validation in waitid allowed a user to escape sandboxes on Linux.
- https://crbug.com/772848
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96ca579a1ecc943b75beba58bebb0356f6cc4b51
- https://security.netapp.com/advisory/ntap-20211223-0003/