ALT-PU-2018-2032-1
Package kernel-image-mp updated to version 4.17.8-alt1 for branch sisyphus in task 210481.
Closed vulnerabilities
BDU:2019-00979
Уязвимость файла drivers/usb/misc/yurex.c ядра операционной системы Linux, позволяющая нарушителю вызвать сбой в работе ядра операционной системы или повысить привилегии
BDU:2019-01056
Уязвимость функции ext4_init_block_bitmap() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-01057
Уязвимость функции ext4_xattr_set_entry() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-01058
Уязвимость функции ext4_update_inline_data() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2018-10878
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.
- http://patchwork.ozlabs.org/patch/929237/
- http://patchwork.ozlabs.org/patch/929237/
- http://patchwork.ozlabs.org/patch/929238/
- http://patchwork.ozlabs.org/patch/929238/
- RHSA-2018:2948
- RHSA-2018:2948
- RHSA-2018:3083
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2018:3096
- https://bugzilla.kernel.org/show_bug.cgi?id=199865
- https://bugzilla.kernel.org/show_bug.cgi?id=199865
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10878
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10878
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77260807d1170a8cf35dbb06e07461a655f67eee
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77260807d1170a8cf35dbb06e07461a655f67eee
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=819b23f1c501b17b9694325471789e6b5cc2d0d2
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=819b23f1c501b17b9694325471789e6b5cc2d0d2
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3753-1
- USN-3753-1
- USN-3753-2
- USN-3753-2
- USN-3871-1
- USN-3871-1
- USN-3871-3
- USN-3871-3
- USN-3871-4
- USN-3871-4
- USN-3871-5
- USN-3871-5
Modified: 2024-11-21
CVE-2018-10879
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
- http://patchwork.ozlabs.org/patch/928666/
- http://patchwork.ozlabs.org/patch/928666/
- http://patchwork.ozlabs.org/patch/928667/
- http://patchwork.ozlabs.org/patch/928667/
- 104902
- 104902
- RHSA-2018:2948
- RHSA-2018:2948
- RHSA-2018:3083
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2018:3096
- https://bugzilla.kernel.org/show_bug.cgi?id=200001
- https://bugzilla.kernel.org/show_bug.cgi?id=200001
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3753-1
- USN-3753-1
- USN-3753-2
- USN-3753-2
- USN-3871-1
- USN-3871-1
- USN-3871-3
- USN-3871-3
- USN-3871-4
- USN-3871-4
- USN-3871-5
- USN-3871-5
Modified: 2024-11-21
CVE-2018-10880
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
- http://patchwork.ozlabs.org/patch/930639/
- http://patchwork.ozlabs.org/patch/930639/
- 104907
- 104907
- 106503
- 106503
- RHSA-2018:2948
- RHSA-2018:2948
- https://bugzilla.kernel.org/show_bug.cgi?id=200005
- https://bugzilla.kernel.org/show_bug.cgi?id=200005
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3821-1
- USN-3821-1
- USN-3821-2
- USN-3821-2
- USN-3871-1
- USN-3871-1
- USN-3871-3
- USN-3871-3
- USN-3871-4
- USN-3871-4
- USN-3871-5
- USN-3871-5
Modified: 2024-11-21
CVE-2018-10881
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
- http://patchwork.ozlabs.org/patch/929792/
- http://patchwork.ozlabs.org/patch/929792/
- 104901
- 104901
- RHSA-2018:2948
- RHSA-2018:2948
- RHSA-2018:3083
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2018:3096
- https://bugzilla.kernel.org/show_bug.cgi?id=200015
- https://bugzilla.kernel.org/show_bug.cgi?id=200015
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3752-1
- USN-3752-1
- USN-3752-2
- USN-3752-2
- USN-3752-3
- USN-3752-3
- USN-3753-1
- USN-3753-1
- USN-3753-2
- USN-3753-2
- USN-3754-1
- USN-3754-1
Modified: 2024-11-21
CVE-2018-16276
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
- https://bugzilla.suse.com/show_bug.cgi?id=1106095
- https://bugzilla.suse.com/show_bug.cgi?id=1106095
- https://bugzilla.suse.com/show_bug.cgi?id=1115593
- https://bugzilla.suse.com/show_bug.cgi?id=1115593
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.7
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.7
- https://github.com/torvalds/linux/commit/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
- https://github.com/torvalds/linux/commit/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
- [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
- [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
- USN-3776-1
- USN-3776-1
- USN-3776-2
- USN-3776-2
- USN-3847-1
- USN-3847-1
- USN-3847-2
- USN-3847-2
- USN-3847-3
- USN-3847-3
- USN-3849-1
- USN-3849-1
- USN-3849-2
- USN-3849-2
- DSA-4308
- DSA-4308