ALT-PU-2020-1944-1
Package kernel-image-un-def updated to version 5.6.12-alt1 for branch sisyphus in task 251537.
Closed vulnerabilities
Modified: 2023-08-24
BDU:2020-02428
Уязвимость реализации файловой системы FUSE ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-05-30
BDU:2020-02431
Уязвимость функции sg_write ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код
Modified: 2024-05-30
BDU:2020-02432
Уязвимость функции btree_gc_coalesce (drivers/md/bcache/btree.c) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-01-09
BDU:2022-01501
Уязвимость реализации протокола TCP ядра операционных систем Linux, позволяющая нарушителю провести атаку типа «человек посередине»
Modified: 2024-11-21
CVE-2019-20794
An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion.
- http://www.openwall.com/lists/oss-security/2020/08/24/1
- https://github.com/sargun/fuse-example
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://sourceforge.net/p/fuse/mailman/message/36598753/
- http://www.openwall.com/lists/oss-security/2020/08/24/1
- https://github.com/sargun/fuse-example
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://sourceforge.net/p/fuse/mailman/message/36598753/
Modified: 2024-11-21
CVE-2020-12770
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/
- https://lkml.org/lkml/2020/4/13/870
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://usn.ubuntu.com/4411-1/
- https://usn.ubuntu.com/4412-1/
- https://usn.ubuntu.com/4413-1/
- https://usn.ubuntu.com/4414-1/
- https://usn.ubuntu.com/4419-1/
- https://www.debian.org/security/2020/dsa-4698
- https://www.debian.org/security/2020/dsa-4699
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/
- https://lkml.org/lkml/2020/4/13/870
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://usn.ubuntu.com/4411-1/
- https://usn.ubuntu.com/4412-1/
- https://usn.ubuntu.com/4413-1/
- https://usn.ubuntu.com/4414-1/
- https://usn.ubuntu.com/4419-1/
- https://www.debian.org/security/2020/dsa-4698
- https://www.debian.org/security/2020/dsa-4699
Modified: 2024-11-21
CVE-2020-12771
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
- https://lkml.org/lkml/2020/4/26/87
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://usn.ubuntu.com/4462-1/
- https://usn.ubuntu.com/4463-1/
- https://usn.ubuntu.com/4465-1/
- https://usn.ubuntu.com/4483-1/
- https://usn.ubuntu.com/4485-1/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
- https://lkml.org/lkml/2020/4/26/87
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://usn.ubuntu.com/4462-1/
- https://usn.ubuntu.com/4463-1/
- https://usn.ubuntu.com/4465-1/
- https://usn.ubuntu.com/4483-1/
- https://usn.ubuntu.com/4485-1/
- https://www.oracle.com/security-alerts/cpuApr2021.html
Modified: 2024-11-21
CVE-2020-36516
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.