ALT-PU-2018-2112-1
Package kernel-image-std-def updated to version 4.4.141-alt0.M70C.1 for branch c7.1 in task 210400.
Closed vulnerabilities
BDU:2019-00979
Уязвимость файла drivers/usb/misc/yurex.c ядра операционной системы Linux, позволяющая нарушителю вызвать сбой в работе ядра операционной системы или повысить привилегии
BDU:2019-01054
Уязвимость функции ext4_ext_remove_space() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2019-01055
Уязвимость функции ext4_ext_drop_refs() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2019-01059
Уязвимость в файле transaction.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
BDU:2019-01060
Уязвимость функции jbd2_journal_dirty_metadata() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-01296
Уязвимость функции uvesafb_setcmap function (drivers/video/fbdev/uvesafb.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Modified: 2024-11-21
CVE-2018-10876
A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.
- http://patchwork.ozlabs.org/patch/929239/
- http://patchwork.ozlabs.org/patch/929239/
- 104904
- 104904
- 106503
- 106503
- RHSA-2019:0525
- RHSA-2019:0525
- https://bugzilla.kernel.org/show_bug.cgi?id=199403
- https://bugzilla.kernel.org/show_bug.cgi?id=199403
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10876
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10876
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8844618d8aa7a9973e7b527d038a2a589665002c
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8844618d8aa7a9973e7b527d038a2a589665002c
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3753-1
- USN-3753-1
- USN-3753-2
- USN-3753-2
- USN-3871-1
- USN-3871-1
- USN-3871-3
- USN-3871-3
- USN-3871-4
- USN-3871-4
- USN-3871-5
- USN-3871-5
Modified: 2024-11-21
CVE-2018-10877
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
- 104878
- 104878
- 106503
- 106503
- RHSA-2018:2948
- RHSA-2018:2948
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3753-1
- USN-3753-1
- USN-3753-2
- USN-3753-2
- USN-3754-1
- USN-3754-1
- USN-3871-1
- USN-3871-1
- USN-3871-3
- USN-3871-3
- USN-3871-4
- USN-3871-4
- USN-3871-5
- USN-3871-5
Modified: 2024-11-21
CVE-2018-10881
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
- http://patchwork.ozlabs.org/patch/929792/
- http://patchwork.ozlabs.org/patch/929792/
- 104901
- 104901
- RHSA-2018:2948
- RHSA-2018:2948
- RHSA-2018:3083
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2018:3096
- https://bugzilla.kernel.org/show_bug.cgi?id=200015
- https://bugzilla.kernel.org/show_bug.cgi?id=200015
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3752-1
- USN-3752-1
- USN-3752-2
- USN-3752-2
- USN-3752-3
- USN-3752-3
- USN-3753-1
- USN-3753-1
- USN-3753-2
- USN-3753-2
- USN-3754-1
- USN-3754-1
Modified: 2024-11-21
CVE-2018-10882
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.
- 106503
- 106503
- RHSA-2018:2948
- RHSA-2018:2948
- https://bugzilla.kernel.org/show_bug.cgi?id=200069
- https://bugzilla.kernel.org/show_bug.cgi?id=200069
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10882
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10882
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c37e9e013469521d9adb932d17a1795c139b36db
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c37e9e013469521d9adb932d17a1795c139b36db
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3753-1
- USN-3753-1
- USN-3753-2
- USN-3753-2
- USN-3871-1
- USN-3871-1
- USN-3871-3
- USN-3871-3
- USN-3871-4
- USN-3871-4
- USN-3871-5
- USN-3871-5
Modified: 2024-11-21
CVE-2018-10883
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
- RHSA-2018:2948
- RHSA-2018:2948
- RHSA-2018:3083
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2018:3096
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10883
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10883
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8bc1379b82b8e809eef77a9fedbb75c6c297be19
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8bc1379b82b8e809eef77a9fedbb75c6c297be19
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e09463f220ca9a1a1ecfda84fcda658f99a1f12a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e09463f220ca9a1a1ecfda84fcda658f99a1f12a
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- https://support.f5.com/csp/article/K94735334?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K94735334?utm_source=f5support&%3Butm_medium=RSS
- USN-3871-1
- USN-3871-1
- USN-3871-3
- USN-3871-3
- USN-3871-4
- USN-3871-4
- USN-3871-5
- USN-3871-5
- USN-3879-1
- USN-3879-1
- USN-3879-2
- USN-3879-2
Modified: 2024-11-21
CVE-2018-13406
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f645bcc566a1e9f921bdae7528a01ced5bc3713
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f645bcc566a1e9f921bdae7528a01ced5bc3713
- 104685
- 104685
- 1041355
- 1041355
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.4
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.4
- https://github.com/torvalds/linux/commit/9f645bcc566a1e9f921bdae7528a01ced5bc3713
- https://github.com/torvalds/linux/commit/9f645bcc566a1e9f921bdae7528a01ced5bc3713
- [debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
- [debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
- USN-3752-1
- USN-3752-1
- USN-3752-2
- USN-3752-2
- USN-3752-3
- USN-3752-3
- USN-3753-1
- USN-3753-1
- USN-3753-2
- USN-3753-2
- USN-3754-1
- USN-3754-1
Modified: 2024-11-21
CVE-2018-16276
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
- https://bugzilla.suse.com/show_bug.cgi?id=1106095
- https://bugzilla.suse.com/show_bug.cgi?id=1106095
- https://bugzilla.suse.com/show_bug.cgi?id=1115593
- https://bugzilla.suse.com/show_bug.cgi?id=1115593
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.7
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.7
- https://github.com/torvalds/linux/commit/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
- https://github.com/torvalds/linux/commit/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
- [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
- [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
- USN-3776-1
- USN-3776-1
- USN-3776-2
- USN-3776-2
- USN-3847-1
- USN-3847-1
- USN-3847-2
- USN-3847-2
- USN-3847-3
- USN-3847-3
- USN-3849-1
- USN-3849-1
- USN-3849-2
- USN-3849-2
- DSA-4308
- DSA-4308