Пакет обновлений безопасности 31082018SE15 для Astra Linux Special Edition
Производителем ОС (НПО «РусБИТех») выпущен пакет обновлений № 31082018SE15 для Astra Linux Special Edition, касающийся безопасности и исправляющие некоторые ошибки. Пакет является накопительным и включает ранее вышедшие пакеты № 02032018SE15, № 29032017SE15, № 16092016SE15, № 27102017SE15.
Для удобства пользователей данные обновления выкладываются в наш репозиторий http://packages.lab50.net/security.
Все пакеты, также как и сам репозиторий, представлены в оригинальном неизменном виде и подписаны ключами производителя. Для его использования дополнительных ключей не требуется.
Для подключения репозитория безопасности создайте файл /etc/apt/sources.list.d/security.list:
deb http://packages.lab50.net/security/ smolensk main contrib non-free
После подключения обновить систему можно с помощью команд:
sudo aptitude update sudo aptitude full-upgrade
В обновлении включена новая версия ядра (4.2.0-24) для минимизации рисков эксплуатации уязвимостей микропроцессоров Meltdown (CVE-2017-5754) и Spectre v2 (CVE-2017-5715).
В связи с серьезными изменениями в части своего интерфейса это ядро устанавливается дополнительно к linux 4.2.0-23 и не загружается по умолчанию. Для его использования необходимо:
- Внести следующие правки в файл /etc/default/grub:
GRUB_DEFAULT=0 вместо #GRUB_DEFAULT=0 #GRUB_DEFAULT=version вместо GRUB_DEFAULT=version
- Запустить команду update-grub.
Список уязвимостей
Критические
Важные
Средние
| CVE-2018-1312 | http_server | In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. |
| CVE-2018-0492 | beep | Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation. |
| CVE-2018-1000301 | curl | curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. |
| CVE-2018-1000001 | glibc | In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. |
| CVE-2018-5183 | firefox_esr | Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. |
| CVE-2018-10194 | gpl_ghostscript | The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. |
| CVE-2017-17784 | gimp | In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. |
| CVE-2017-17785 | gimp | In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c. |
| CVE-2017-17786 | gimp | In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image. |
| CVE-2017-17787 | gimp | In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c. |
| CVE-2017-17788 | gimp | In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no ‘\0’ character after the version string. |
| CVE-2017-17789 | gimp | In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. |
| CVE-2018-11235 | git | In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs «git clone —recurse-submodules» because submodule «names» are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with «../» in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. |
| CVE-2018-1000041 | librsvg | GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim’s Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows. |
| CVE-2018-7225 | libvncserver | An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. |
| CVE-2018-5146 | firefox | An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. |
| CVE-2018-1000132 | mercurial | Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1. |
| CVE-2018-1000116 | net-snmp | NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. |
| CVE-2018-1000156 | patch | GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD’s CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. |
| CVE-2018-6913 | perl | Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. |
| CVE-2018-7550 | qemu | The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. |
| CVE-2018-1000076 | rubygems | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6. |
Низкие
| CVE-2017-18190 | cups | A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). |
| CVE-2018-10360 | file | The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. |
| CVE-2018-9018 | graphicsmagick | In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. |
| CVE-2018-11251 | imagemagick | In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file. |
| CVE-2018-5711 | php | gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. |
| CVE-2017-8374 | mad_libmad | The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. |
| CVE-2018-5748 | libvirt | qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. |
| CVE-2017-13194 | android | A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201. |
| CVE-2018-1000127 | ubuntu_linux | memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later. |
| CVE-2018-0739 | openssl | Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). |
| CVE-2018-10548 | php | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value. |
| CVE-2018-1125 | ubuntu_linux | procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash. |
| CVE-2018-6594 | pycrypto | lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto’s ElGamal implementation. |
| CVE-2018-7537 | django | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator’s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. |
| CVE-2018-5764 | rsync | The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple —protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. |
| CVE-2018-1000075 | rubygems | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6. |
| CVE-2018-1000077 | rubygems | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6. |
| CVE-2018-1000078 | rubygems | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6. |
| CVE-2018-1000027 | squid | The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later. |
| CVE-2018-0494 | ubuntu_linux | GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. |
Неизвестно
| Astra-ald-2018-01 | Неизвестно | Описание отсутствует |
| CVE-2017-3145 | Неизвестно | Описание отсутствует |
| CVE-2017-14461 | Неизвестно | A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server. |
| Astra-fly-2018-02 | Неизвестно | Описание отсутствует |
| Astra-fly-2018-03 | Неизвестно | Описание отсутствует |
| CVE-2017-2839 | Неизвестно | Описание отсутствует |
| CVE-2017-15422 | Неизвестно | Описание отсутствует |
| CVE-2018-5732 | Неизвестно | Описание отсутствует |
| Astra-prsc-2018-04 | Неизвестно | Описание отсутствует |
| CVE-2017-17833 | Неизвестно | Описание отсутствует |
| CVE-2016-10708 | Неизвестно | Описание отсутствует |
| Astra-psql-2018-05 | Неизвестно | Описание отсутствует |
| Astra-psql-2018-06 | Неизвестно | Описание отсутствует |
| CVE-2017-14450 | Неизвестно | Описание отсутствует |
| Astra-Xorg-2018-07 | Неизвестно | Описание отсутствует |
Как посмотреть в системе установленные обновления безопасности?
Смотрите файл /usr/share/base-files/update/astra_update_version