ALT-PU-2022-1886-1
Package kernel-image-un-def updated to version 5.17.9-alt1 for branch sisyphus in task 300156.
Closed vulnerabilities
Published: 2022-05-18
BDU:2022-03921
Уязвимость ядра операционной системы Linux, связанная с недостаточной энтропией, позволяющая нарушителю идентифицировать клиентов
Severity: MEDIUM (5.3)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2022-06-06
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-32296
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.
Severity: LOW (3.3)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References:
- https://arxiv.org/abs/2209.12993
- https://arxiv.org/abs/2209.12993
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5
- https://github.com/0xkol/rfc6056-device-tracker
- https://github.com/0xkol/rfc6056-device-tracker
- [debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update
- [debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update
- DSA-5173
- DSA-5173