ALT Linux Team

Package kernel-image-un-def update in sisyphus on 2019-09-06

ALT-PU-2019-2656-1

Package kernel-image-un-def updated to version 5.2.12-alt1 for branch sisyphus in task 237225.

Closed vulnerabilities

Published: 2019-09-04

BDU:2020-00236

Уязвимость подсистемы ptrace ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (5.6) Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Severity: LOW (3.8) Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N
References:
Published: 2019-09-04
Modified: 2024-11-21

CVE-2019-15902

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.

Severity: MEDIUM (4.7) Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N
Severity: MEDIUM (5.6) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top