Вышли обновления безопасности Astra Linux Special Edition

Пакет обновлений безопасности 3 108 2018SE15 для Astra Linux Special Edition

Производителем ОС (НПО «РусБИТех») выпущен пакет обновлений № 3 108 2018SE15 для Astra Linux Special Edition, касающийся безопасности и исправляющие некоторые ошибки. Пакет является накопительным и включает ранее вышедшие пакеты № 203 2018SE15, № 2 903 2017SE15, № 1 609 2016SE15, № 2 710 2017SE15.

Для удобства пользователей данные обновления выкладываются в наш репозиторий http://packages.lab50.net/security.

Все пакеты, также как и сам репозиторий, представлены в оригинальном неизменном виде и подписаны ключами производителя. Для его использования дополнительных ключей не требуется.

Для подключения репозитория безопасности создайте файл /etc/apt/sources.list.d/security.list:

deb http://packages.lab50.net/security/ smolensk main contrib non-free

После подключения обновить систему можно с помощью команд:

sudo aptitude update
sudo aptitude full-upgrade

В обновлении включена новая версия ядра (4.2.0−24) для минимизации рисков эксплуатации уязвимостей микропроцессоров Meltdown (CVE-2017−5754) и Spectre v2 (CVE-2017−5715).

В связи с серьезными изменениями в части своего интерфейса это ядро устанавливается дополнительно к linux 4.2.0−23 и не загружается по умолчанию. Для его использования необходимо:

  1. Внести следующие правки в файл /etc/default/grub:
    GRUB_DEFAULT=0 вместо #GRUB_DEFAULT=0
    #GRUB_DEFAULT=version вместо GRUB_DEFAULT=version
    
  2. Запустить команду update-grub.

Список уязвимостей

Критические

Важные

Средние

CVE-2018−1312 http_server In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.
CVE-2018−0492 beep Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation.
CVE-2018−1 000 301 curl curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
CVE-2018−1 000 001 glibc In glibc 2.26 and earlier there is confusion in the usage of getcwd () by realpath () which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
CVE-2018−5183 firefox_esr Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
CVE-2018−10 194 gpl_ghostscript The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
CVE-2017−17 784 gimp In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
CVE-2017−17 785 gimp In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
CVE-2017−17 786 gimp In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.
CVE-2017−17 787 gimp In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.
CVE-2017−17 788 gimp In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.
CVE-2017−17 789 gimp In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
CVE-2018−11 235 git In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted. gitmodules file, a malicious project can execute an arbitrary script on a machine that runs «git clone --recurse-submodules» because submodule «names» are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with «./» in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
CVE-2018−1 000 041 librsvg GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim’s Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.
CVE-2018−7225 libvncserver An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage () in rfbserver. c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
CVE-2018−5146 firefox An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
CVE-2018−1 000 132 mercurial Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.
CVE-2018−1 000 116 net-snmp NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
CVE-2018−1 000 156 patch GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD’s CVE-2015−1418 however although they share a common ancestry the code bases have diverged over time.
CVE-2018−6913 perl Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
CVE-2018−7550 qemu The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
CVE-2018−1 000 076 rubygems RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62 422 contains a Improper Verification of Cryptographic Signature vulnerability in package. rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures. This vulnerability appears to have been fixed in 2.7.6.

Низкие

CVE-2017−18 190 cups A localhost. localdomain whitelist entry in valid_host () in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost. localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost. localdomain is 127.0.0.1).
CVE-2018−10 360 file The do_core_note function in readelf. c in libmagic. a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
CVE-2018−9018 graphicsmagick In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.
CVE-2018−11 251 imagemagick In ImageMagick 7.0.7−23 Q16×8664 2018−01−24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.
CVE-2018−5711 php gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.
CVE-2017−8374 mad_libmad The mad_bit_skip function in bit. c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.
CVE-2018−5748 libvirt qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
CVE-2017−13 194 android A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64 710 201.
CVE-2018−1 000 127 ubuntu_linux memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items. c:item_free () that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.
CVE-2018−0739 openssl Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0−1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
CVE-2018−10 548 php An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.
CVE-2018−1125 ubuntu_linux procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat () to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
CVE-2018−6594 pycrypto lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto’s ElGamal implementation.
CVE-2018−7537 django An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars () and words () methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars () and words () methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
CVE-2018−5764 rsync The parse_arguments function in options. c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
CVE-2018−1 000 075 rubygems RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62 422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop. This vulnerability appears to have been fixed in 2.7.6.
CVE-2018−1 000 077 rubygems RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62 422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.
CVE-2018−1 000 078 rubygems RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62 422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.
CVE-2018−1 000 027 squid The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.
CVE-2018−0494 ubuntu_linux GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http. c via a \r\n sequence in a continuation line.

Неизвестно

Astra-ald-2018−01 Неизвестно Описание отсутствует
CVE-2017−3145 Неизвестно Описание отсутствует
CVE-2017−14 461 Неизвестно A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.
Astra-fly-2018−02 Неизвестно Описание отсутствует
Astra-fly-2018−03 Неизвестно Описание отсутствует
CVE-2017−2839 Неизвестно Описание отсутствует
CVE-2017−15 422 Неизвестно Описание отсутствует
CVE-2018−5732 Неизвестно Описание отсутствует
Astra-prsc-2018−04 Неизвестно Описание отсутствует
CVE-2017−17 833 Неизвестно Описание отсутствует
CVE-2016−10 708 Неизвестно Описание отсутствует
Astra-psql-2018−05 Неизвестно Описание отсутствует
Astra-psql-2018−06 Неизвестно Описание отсутствует
CVE-2017−14 450 Неизвестно Описание отсутствует
Astra-Xorg-2018−07 Неизвестно Описание отсутствует

Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *