CVE-2016-9604
CVSS: N/A
Published: 2018-07-11 09:29:00
Modified: 2018-07-12 21:29:00

[Original] It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.


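[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

- CVSS (base score)

CVSS not yet available

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9604
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9604
(Official data source) NVD

- Other links and resources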

http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9604.html
(UNKNOWN)  CONFIRM  http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9604.html
http://www.securityfocus.com/bid/102135
(UNKNOWN)  BID  102135
https://access.redhat.com/errata/RHSA-2017:1842
(UNKNOWN)  REDHAT  RHSA-2017:1842
https://access.redhat.com/errata/RHSA-2017:2077
(UNKNOWN)  REDHAT  RHSA-2017:2077
https://access.redhat.com/errata/RHSA-2017:2669
(UNKNOWN)  REDHAT  RHSA-2017:2669
https://bugzilla.novell.com/show_bug.cgi?id=1035576
(UNKNOWN)  CONFIRM  https://bugzilla.novell.com/show_bug.cgi?id=1035576
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9604
(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9604
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee8f844e3c5a73b999edf733df1c529d6503ec2f
(UNKNOWN)  CONFIRM  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee8f844e3c5a73b999edf733df1c529d6503ec2f

- Vulnerability information (F142830)

Ubuntu Security Notice USN-3312-2 (PacketStormID:F142830)
2017-06-07 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local,vulnerability
linux,ubuntu
CVE-2016-7913,CVE-2016-7917,CVE-2016-8632,CVE-2016-9083,CVE-2016-9084,CVE-2016-9604,CVE-2017-0605,CVE-2017-2596,CVE-2017-2671,CVE-2017-6001,CVE-2017-7472,CVE-2017-7618,CVE-2017-7645,CVE-2017-7889,CVE-2017-7895

Ubuntu Security Notice 3312-2 - USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3312-2
June 07, 2017

linux-lts-xenial vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

It was discovered that the netfilter netlink implementation in the Linux
kernel did not properly validate batch messages. A local attacker with the
CAP_NET_ADMIN capability could use this to expose sensitive information or
cause a denial of service. (CVE-2016-7917)

Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()
function in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code with
administrative privileges. (CVE-2016-8632)

It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)

It was discovered that a buffer overflow existed in the trace subsystem in
the Linux kernel. A privileged local attacker could use this to execute
arbitrary code. (CVE-2017-0605)

Dmitry Vyukov discovered that KVM implementation in the Linux kernel
improperly emulated the VMXON instruction. A local attacker in a guest OS
could use this to cause a denial of service (memory consumption) in the
host OS. (CVE-2017-2596)

Daniel Jiang discovered that a race condition existed in the ipv4 ping
socket implementation in the Linux kernel. A local privileged attacker
could use this to cause a denial of service (system crash). (CVE-2017-2671)

Di Shen discovered that a race condition existed in the perf subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service or possibly gain administrative privileges. (CVE-2017-6001)

Eric Biggers discovered a memory leak in the keyring implementation in the
Linux kernel. A local attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-7472)

Sabrina Dubroca discovered that the asynchronous cryptographic hash (ahash)
implementation in the Linux kernel did not properly handle a full request
queue. A local attacker could use this to cause a denial of service
(infinite recursion). (CVE-2017-7618)

Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server
implementations in the Linux kernel did not properly handle certain long
RPC replies. A remote attacker could use this to cause a denial of service
(system crash). (CVE-2017-7645)

Tommi Rantala and Brad Spengler discovered that the memory manager in the
Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection
mechanism. A local attacker with access to /dev/mem could use this to
expose sensitive information or possibly execute arbitrary code.
(CVE-2017-7889)

Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server
implementations in the Linux kernel did not properly check for the end of
buffer. A remote attacker could use this to craft requests that cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7895)

It was discovered that a use-after-free vulnerability existed in the device
driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-7913)

Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO
PCI driver for the Linux kernel. A local attacker with access to a vfio PCI
device file could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  linux-image-4.4.0-79-generic    4.4.0-79.100~14.04.1
  linux-image-4.4.0-79-generic-lpae  4.4.0-79.100~14.04.1
  linux-image-4.4.0-79-lowlatency  4.4.0-79.100~14.04.1
  linux-image-4.4.0-79-powerpc-e500mc  4.4.0-79.100~14.04.1
  linux-image-4.4.0-79-powerpc-smp  4.4.0-79.100~14.04.1
  linux-image-4.4.0-79-powerpc64-emb  4.4.0-79.100~14.04.1
  linux-image-4.4.0-79-powerpc64-smp  4.4.0-79.100~14.04.1
  linux-image-generic-lpae-lts-xenial  4.4.0.79.64
  linux-image-generic-lts-xenial  4.4.0.79.64
  linux-image-lowlatency-lts-xenial  4.4.0.79.64
  linux-image-powerpc-e500mc-lts-xenial  4.4.0.79.64
  linux-image-powerpc-smp-lts-xenial  4.4.0.79.64
  linux-image-powerpc64-emb-lts-xenial  4.4.0.79.64
  linux-image-powerpc64-smp-lts-xenial  4.4.0.79.64

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3312-2
  https://www.ubuntu.com/usn/usn-3312-1
  CVE-2016-7913, CVE-2016-7917, CVE-2016-8632, CVE-2016-9083,
  CVE-2016-9084, CVE-2016-9604, CVE-2017-0605, CVE-2017-2596,
  CVE-2017-2671, CVE-2017-6001, CVE-2017-7472, CVE-2017-7618,
  CVE-2017-7645, CVE-2017-7889, CVE-2017-7895

Package Information:
  https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-79.100~14.04.1


    

- Vulnerability information (F142829)

Ubuntu Security Notice USN-3312-1 (PacketStormID:F142829)
2017-06-07 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,overflow,arbitrary,kernel,local
linux,ubuntu
CVE-2016-7913,CVE-2016-7917,CVE-2016-8632,CVE-2016-9083,CVE-2016-9084,CVE-2016-9604,CVE-2017-0605,CVE-2017-2596,CVE-2017-2671,CVE-2017-6001,CVE-2017-7472,CVE-2017-7618,CVE-2017-7645,CVE-2017-7889,CVE-2017-7895

Ubuntu Security Notice 3312-1 - It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3312-1
June 07, 2017

linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon Processors

Details:

It was discovered that the netfilter netlink implementation in the Linux
kernel did not properly validate batch messages. A local attacker with the
CAP_NET_ADMIN capability could use this to expose sensitive information or
cause a denial of service. (CVE-2016-7917)

Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()
function in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code with
administrative privileges. (CVE-2016-8632)

It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)

It was discovered that a buffer overflow existed in the trace subsystem in
the Linux kernel. A privileged local attacker could use this to execute
arbitrary code. (CVE-2017-0605)

Dmitry Vyukov discovered that KVM implementation in the Linux kernel
improperly emulated the VMXON instruction. A local attacker in a guest OS
could use this to cause a denial of service (memory consumption) in the
host OS. (CVE-2017-2596)

Daniel Jiang discovered that a race condition existed in the ipv4 ping
socket implementation in the Linux kernel. A local privileged attacker
could use this to cause a denial of service (system crash). (CVE-2017-2671)

Di Shen discovered that a race condition existed in the perf subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service or possibly gain administrative privileges. (CVE-2017-6001)

Eric Biggers discovered a memory leak in the keyring implementation in the
Linux kernel. A local attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-7472)

Sabrina Dubroca discovered that the asynchronous cryptographic hash (ahash)
implementation in the Linux kernel did not properly handle a full request
queue. A local attacker could use this to cause a denial of service
(infinite recursion). (CVE-2017-7618)

Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server
implementations in the Linux kernel did not properly handle certain long
RPC replies. A remote attacker could use this to cause a denial of service
(system crash). (CVE-2017-7645)

Tommi Rantala and Brad Spengler discovered that the memory manager in the
Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection
mechanism. A local attacker with access to /dev/mem could use this to
expose sensitive information or possibly execute arbitrary code.
(CVE-2017-7889)

Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server
implementations in the Linux kernel did not properly check for the end of
buffer. A remote attacker could use this to craft requests that cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7895)

It was discovered that a use-after-free vulnerability existed in the device
driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-7913)

Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO
PCI driver for the Linux kernel. A local attacker with access to a vfio PCI
device file could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-1014-gke      4.4.0-1014.14
  linux-image-4.4.0-1018-aws      4.4.0-1018.27
  linux-image-4.4.0-1057-raspi2   4.4.0-1057.64
  linux-image-4.4.0-1059-snapdragon  4.4.0-1059.63
  linux-image-4.4.0-79-generic    4.4.0-79.100
  linux-image-4.4.0-79-generic-lpae  4.4.0-79.100
  linux-image-4.4.0-79-lowlatency  4.4.0-79.100
  linux-image-4.4.0-79-powerpc-e500mc  4.4.0-79.100
  linux-image-4.4.0-79-powerpc-smp  4.4.0-79.100
  linux-image-4.4.0-79-powerpc64-smp  4.4.0-79.100
  linux-image-aws                 4.4.0.1018.21
  linux-image-generic             4.4.0.79.85
  linux-image-generic-lpae        4.4.0.79.85
  linux-image-gke                 4.4.0.1014.16
  linux-image-lowlatency          4.4.0.79.85
  linux-image-powerpc-e500mc      4.4.0.79.85
  linux-image-powerpc-smp         4.4.0.79.85
  linux-image-powerpc64-emb       4.4.0.79.85
  linux-image-powerpc64-smp       4.4.0.79.85
  linux-image-raspi2              4.4.0.1057.58
  linux-image-snapdragon          4.4.0.1059.52
  linux-image-virtual             4.4.0.79.85

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3312-1
  CVE-2016-7913, CVE-2016-7917, CVE-2016-8632, CVE-2016-9083,
  CVE-2016-9084, CVE-2016-9604, CVE-2017-0605, CVE-2017-2596,
  CVE-2017-2671, CVE-2017-6001, CVE-2017-7472, CVE-2017-7618,
  CVE-2017-7645, CVE-2017-7889, CVE-2017-7895

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.4.0-79.100
  https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1018.27
  https://launchpad.net/ubuntu/+source/linux-gke/4.4.0-1014.14
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1057.64
  https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1059.63


    

- Vulnerability information (F142824)

Ubuntu Security Notice USN-3314-1 (PacketStormID:F142824)
2017-06-07 00:00:00
Ubuntu  security.ubuntu.com
advisory,overflow,arbitrary,kernel,local
linux,ubuntu
CVE-2016-9604,CVE-2017-0605,CVE-2017-2671,CVE-2017-7277,CVE-2017-7472,CVE-2017-7618,CVE-2017-7645,CVE-2017-7889,CVE-2017-7895,CVE-2017-7979,CVE-2017-8063,CVE-2017-8064,CVE-2017-8067

Ubuntu Security Notice 3314-1 - It was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. It was discovered that a buffer overflow existed in the trace subsystem in the Linux kernel. A privileged local attacker could use this to execute arbitrary code. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3314-1
June 07, 2017

linux, linux-raspi2 vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)

It was discovered that a buffer overflow existed in the trace subsystem in
the Linux kernel. A privileged local attacker could use this to execute
arbitrary code. (CVE-2017-0605)

Daniel Jiang discovered that a race condition existed in the ipv4 ping
socket implementation in the Linux kernel. A local privileged attacker
could use this to cause a denial of service (system crash). (CVE-2017-2671)

JongHwan Kim discovered an out-of-bounds read in the TCP stack of the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or leak sensitive information. (CVE-2017-7277)

Eric Biggers discovered a memory leak in the keyring implementation in the
Linux kernel. A local attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-7472)

Sabrina Dubroca discovered that the asynchronous cryptographic hash (ahash)
implementation in the Linux kernel did not properly handle a full request
queue. A local attacker could use this to cause a denial of service
(infinite recursion). (CVE-2017-7618)

Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server
implementations in the Linux kernel did not properly handle certain long
RPC replies. A remote attacker could use this to cause a denial of service
(system crash). (CVE-2017-7645)

Tommi Rantala and Brad Spengler discovered that the memory manager in the
Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection
mechanism. A local attacker with access to /dev/mem could use this to
expose sensitive information or possibly execute arbitrary code.
(CVE-2017-7889)

Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server
implementations in the Linux kernel did not properly check for the end of
buffer. A remote attacker could use this to craft requests that cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7895)

Fabian Grünbichler discovered that the Packet action API implementation in
the Linux kernel improperly handled uninitialized data. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2017-7979)

It was discovered that the Conexant USB driver in the Linux kernel
improperly handled memory in some configurations. A local attacker could
use this to cause a denial of service (system crash). (CVE-2017-8063)

It was discovered that the DVD USB framework in the Linux kernel improperly
handled memory in some configurations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2017-8064)

It was discovered that the virtio console driver in the Linux kernel
improperly handled memory. A local attacker could use this to cause a
denial of service (system crash). (CVE-2017-8067)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  linux-image-4.10.0-1006-raspi2  4.10.0-1006.8
  linux-image-4.10.0-22-generic   4.10.0-22.24
  linux-image-4.10.0-22-generic-lpae  4.10.0-22.24
  linux-image-4.10.0-22-lowlatency  4.10.0-22.24
  linux-image-generic             4.10.0.22.24
  linux-image-generic-lpae        4.10.0.22.24
  linux-image-lowlatency          4.10.0.22.24
  linux-image-raspi2              4.10.0.1006.8

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3314-1
  CVE-2016-9604, CVE-2017-0605, CVE-2017-2671, CVE-2017-7277,
  CVE-2017-7472, CVE-2017-7618, CVE-2017-7645, CVE-2017-7889,
  CVE-2017-7895, CVE-2017-7979, CVE-2017-8063, CVE-2017-8064,
  CVE-2017-8067

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.10.0-22.24
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.10.0-1006.8


    

- Vulnerability information (F143381)

Kernel Live Patch Security Notice LSN-0025-1 (PacketStormID:F143381)
2017-07-16 00:00:00
Benjamin M. Romer  
advisory,denial of service,arbitrary,kernel,local,vulnerability
linux
CVE-2016-8632,CVE-2016-9604,CVE-2017-1000364,CVE-2017-2584,CVE-2017-6074,CVE-2017-7346,CVE-2017-7472,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9242

Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other vulnerabilities were addressed.

==========================================================================
Kernel Live Patch Security Notice LSN-0025-1
July 06, 2017

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Andrey Konovalov discovered a use-after-free vulnerability in the DCCP
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly gain administrative
privileges. (CVE-2017-6074)

It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges (CVE-2017-1000364)

Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()
function in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code with
administrative privileges. (CVE-2016-8632)

It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel
improperly emulated certain instructions. A local attacker could use this
to obtain sensitive information (kernel memory). (CVE-2017-2584)

Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the
Linux kernel did not properly validate some ioctl arguments. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-7346)

Eric Biggers discovered a memory leak in the keyring implementation in the
Linux kernel. A local attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-7472)

It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that the IPv6 stack in the Linux kernel was performing
its over write consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel          | Version  | flavors                  |
|-----------------+----------+--------------------------|
| 4.4.0-21.37     | 25.1     | generic, lowlatency      |
| 4.4.0-22.39     | 25.1     | generic, lowlatency      |
| 4.4.0-22.40     | 25.1     | generic, lowlatency      |
| 4.4.0-24.43     | 25.1     | generic, lowlatency      |
| 4.4.0-28.47     | 25.1     | generic, lowlatency      |
| 4.4.0-31.50     | 25.1     | generic, lowlatency      |
| 4.4.0-34.53     | 25.1     | generic, lowlatency      |
| 4.4.0-36.55     | 25.1     | generic, lowlatency      |
| 4.4.0-38.57     | 25.1     | generic, lowlatency      |
| 4.4.0-42.62     | 25.1     | generic, lowlatency      |
| 4.4.0-43.63     | 25.1     | generic, lowlatency      |
| 4.4.0-45.66     | 25.1     | generic, lowlatency      |
| 4.4.0-47.68     | 25.1     | generic, lowlatency      |
| 4.4.0-51.72     | 25.1     | generic, lowlatency      |
| 4.4.0-53.74     | 25.1     | generic, lowlatency      |
| 4.4.0-57.78     | 25.1     | generic, lowlatency      |
| 4.4.0-59.80     | 25.1     | generic, lowlatency      |
| 4.4.0-62.83     | 25.1     | generic, lowlatency      |
| 4.4.0-63.84     | 25.1     | generic, lowlatency      |
| 4.4.0-64.85     | 25.1     | generic, lowlatency      |
| 4.4.0-66.87     | 25.1     | generic, lowlatency      |
| 4.4.0-67.88     | 25.1     | generic, lowlatency      |
| 4.4.0-70.91     | 25.1     | generic, lowlatency      |
| 4.4.0-71.92     | 25.1     | generic, lowlatency      |
| 4.4.0-72.93     | 25.1     | generic, lowlatency      |
| 4.4.0-75.96     | 25.1     | generic, lowlatency      |
| 4.4.0-77.98     | 25.1     | generic, lowlatency      |
| 4.4.0-78.99     | 25.1     | generic, lowlatency      |
| 4.4.0-79.100    | 25.1     | generic, lowlatency      |
| 4.4.0-81.104    | 25.1     | generic, lowlatency      |
| 4.4.0-83.106    | 25.1     | generic, lowlatency      |
| lts-4.4.0-21.37_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-22.39_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-22.40_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-24.43_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-28.47_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-31.50_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-34.53_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-36.55_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-38.57_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-42.62_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-45.66_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-47.68_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-51.72_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-53.74_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-57.78_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-59.80_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-62.83_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-63.84_14.04.2-lts-xenial | 14.04.2  | generic, lowlatency      |
| lts-4.4.0-64.85_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-66.87_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-70.91_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-71.92_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-72.93_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-75.96_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-78.99_14.04.2-lts-xenial | 14.04.2  | generic, lowlatency      |
| lts-4.4.0-79.100_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-81.104_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |

Additionally, you should install an updated kernel with these fixes and
reboot at your convenience.

References:
  CVE-2016-8632, CVE-2016-9604, CVE-2017-1000364, CVE-2017-2584,
  CVE-2017-6074, CVE-2017-7346, CVE-2017-7472, CVE-2017-8890,
  CVE-2017-9074, CVE-2017-9075, CVE-2017-9242

    

- Vulnerability information (F143429)

Ubuntu Security Notice USN-3361-1 (PacketStormID:F143429)
2017-07-21 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local,vulnerability
linux,ubuntu
CVE-2015-1350,CVE-2016-10208,CVE-2016-8405,CVE-2016-8636,CVE-2016-9083,CVE-2016-9084,CVE-2016-9191,CVE-2016-9604,CVE-2016-9755,CVE-2017-2583,CVE-2017-2584,CVE-2017-2596,CVE-2017-2618,CVE-2017-2671,CVE-2017-5546,CVE-2017-5549,CVE-2017-5550,CVE-2017-5551,CVE-2017-5576,CVE-2017-5669,CVE-2017-5897,CVE-2017-5970,CVE-2017-6001,CVE-2017-6214,CVE-2017-6345,CVE-2017-6346,CVE-2017-6347,CVE-2017-6348

Ubuntu Security Notice 3361-1 - USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10. Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3361-1
July 21, 2017

linux-hwe vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-meta-hwe:

Details:

USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please
note that this update changes the Linux HWE kernel to the 4.10 based
kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from
Ubuntu 16.10.

Ben Harris discovered that the Linux kernel would strip extended privilege
attributes of files when performing a failed unprivileged system call. A
local attacker could use this to cause a denial of service. (CVE-2015-1350)

Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel
did not properly validate meta block groups. An attacker with physical
access could use this to specially craft an ext4 image that causes a denial
of service (system crash). (CVE-2016-10208)

Peter Pi discovered that the colormap handling for frame buffer devices in
the Linux kernel contained an integer overflow. A local attacker could use
this to disclose sensitive information (kernel memory). (CVE-2016-8405)

It was discovered that an integer overflow existed in the InfiniBand RDMA
over ethernet (RXE) transport implementation in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-8636)

Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO
PCI driver for the Linux kernel. A local attacker with access to a vfio PCI
device file could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)

CAI Qian discovered that the sysctl implementation in the Linux kernel did
not properly perform reference counting in some situations. An unprivileged
attacker could use this to cause a denial of service (system hang).
(CVE-2016-9191)

It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)

Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet
discovered that the netfilter subsystem in the Linux kernel mishandled IPv6
packet reassembly. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2016-9755)

Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in
the Linux kernel did not properly emulate instructions on the SS segment
register. A local attacker in a guest virtual machine could use this to
cause a denial of service (guest OS crash) or possibly gain administrative
privileges in the guest OS. (CVE-2017-2583)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel
improperly emulated certain instructions. A local attacker could use this
to obtain sensitive information (kernel memory). (CVE-2017-2584)

Dmitry Vyukov discovered that KVM implementation in the Linux kernel
improperly emulated the VMXON instruction. A local attacker in a guest OS
could use this to cause a denial of service (memory consumption) in the
host OS. (CVE-2017-2596)

It was discovered that SELinux in the Linux kernel did not properly handle
empty writes to /proc/pid/attr. A local attacker could use this to cause a
denial of service (system crash). (CVE-2017-2618)

Daniel Jiang discovered that a race condition existed in the ipv4 ping
socket implementation in the Linux kernel. A local privileged attacker
could use this to cause a denial of service (system crash). (CVE-2017-2671)

It was discovered that the freelist-randomization in the SLAB memory
allocator allowed duplicate freelist entries. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-5546)

It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in
the Linux kernel did not properly initialize memory related to logging. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2017-5549)

It was discovered that a fencepost error existed in the pipe_advance()
function in the Linux kernel. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2017-5550)

It was discovered that the Linux kernel did not clear the setgid bit during
a setxattr call on a tmpfs filesystem. A local attacker could use this to
gain elevated group privileges. (CVE-2017-5551)

Murray McAllister discovered that an integer overflow existed in the
VideoCore DRM driver of the Linux kernel. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-5576)

Gareth Evans discovered that the shm IPC subsystem in the Linux kernel did
not properly restrict mapping page zero. A local privileged attacker could
use this to execute arbitrary code. (CVE-2017-5669)

Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic
Routing Encapsulation (GRE) tunneling implementation in the Linux kernel.
An attacker could use this to possibly expose sensitive information.
(CVE-2017-5897)

Andrey Konovalov discovered that the IPv4 implementation in the Linux
kernel did not properly handle invalid IP options in some situations. An
attacker could use this to cause a denial of service or possibly execute
arbitrary code. (CVE-2017-5970)

Di Shen discovered that a race condition existed in the perf subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service or possibly gain administrative privileges. (CVE-2017-6001)

Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP
packets with the URG flag. A remote attacker could use this to cause a
denial of service. (CVE-2017-6214)

Andrey Konovalov discovered that the LLC subsystem in the Linux kernel did
not properly set up a destructor in certain situations. A local attacker
could use this to cause a denial of service (system crash). (CVE-2017-6345)

It was discovered that a race condition existed in the AF_PACKET handling
code in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-6346)

Andrey Konovalov discovered that the IP layer in the Linux kernel made
improper assumptions about internal data layout when performing checksums.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-6347)

Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem
in the Linux kernel. A local attacker could use this to cause a denial of
service (deadlock). (CVE-2017-6348)

Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux
kernel contained a stack-based buffer overflow. A local attacker with
access to an sg device could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2017-7187)

It was discovered that a NULL pointer dereference existed in the Direct
Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2017-7261)

It was discovered that the USB Cypress HID drivers for the Linux kernel did
not properly validate reported information from the device. An attacker
with physical access could use this to expose sensitive information (kernel
memory). (CVE-2017-7273)

Eric Biggers discovered a memory leak in the keyring implementation in the
Linux kernel. A local attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-7472)

It was discovered that an information leak existed in the set_mempolicy and
mbind compat syscalls in the Linux kernel. A local attacker could use this
to expose sensitive information (kernel memory). (CVE-2017-7616)

Sabrina Dubroca discovered that the asynchronous cryptographic hash (ahash)
implementation in the Linux kernel did not properly handle a full request
queue. A local attacker could use this to cause a denial of service
(infinite recursion). (CVE-2017-7618)

Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server
implementations in the Linux kernel did not properly handle certain long
RPC replies. A remote attacker could use this to cause a denial of service
(system crash). (CVE-2017-7645)

Tommi Rantala and Brad Spengler discovered that the memory manager in the
Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection
mechanism. A local attacker with access to /dev/mem could use this to
expose sensitive information or possibly execute arbitrary code.
(CVE-2017-7889)

Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server
implementations in the Linux kernel did not properly check for the end of
buffer. A remote attacker could use this to craft requests that cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7895)

It was discovered that an integer underflow existed in the Edgeport USB
Serial Converter device driver of the Linux kernel. An attacker with
physical access could use this to expose sensitive information (kernel
memory). (CVE-2017-8924)

It was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux
kernel did not properly perform reference counting. A local attacker could
use this to cause a denial of service (tty exhaustion). (CVE-2017-8925)

Jann Horn discovered that bpf in Linux kernel does not restrict the output
of the print_bpf_insn function. A local attacker could use this to obtain
sensitive address information. (CVE-2017-9150)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.10.0-27-generic   4.10.0-27.30~16.04.2
  linux-image-4.10.0-27-generic-lpae  4.10.0-27.30~16.04.2
  linux-image-4.10.0-27-lowlatency  4.10.0-27.30~16.04.2
  linux-image-generic-hwe-16.04   4.10.0.27.30
  linux-image-generic-lpae-hwe-16.04  4.10.0.27.30
  linux-image-lowlatency-hwe-16.04  4.10.0.27.30

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3361-1
  CVE-2015-1350, CVE-2016-10208, CVE-2016-8405, CVE-2016-8636,
  CVE-2016-9083, CVE-2016-9084, CVE-2016-9191, CVE-2016-9604,
  CVE-2016-9755, CVE-2017-2583, CVE-2017-2584, CVE-2017-2596,
  CVE-2017-2618, CVE-2017-2671, CVE-2017-5546, CVE-2017-5549,
  CVE-2017-5550, CVE-2017-5551, CVE-2017-5576, CVE-2017-5669,
  CVE-2017-5897, CVE-2017-5970, CVE-2017-6001, CVE-2017-6214,
  CVE-2017-6345, CVE-2017-6346, CVE-2017-6347, CVE-2017-6348,
  CVE-2017-7187, CVE-2017-7261, CVE-2017-7273, CVE-2017-7472,
  CVE-2017-7616, CVE-2017-7618, CVE-2017-7645, CVE-2017-7889,
  CVE-2017-7895, CVE-2017-8924, CVE-2017-8925, CVE-2017-9150

Package Information:
  https://launchpad.net/ubuntu/+source/linux-hwe/4.10.0-27.30~16.04.2
  https://launchpad.net/ubuntu/+source/linux-meta-hwe/4.10.0.27.30


    

- Vulnerability information (F143613)

Red Hat Security Advisory 2017-1842-01 (PacketStormID:F143613)
2017-08-02 00:00:00
Red Hat  
advisory,kernel,local
linux,redhat
CVE-2014-7970,CVE-2014-7975,CVE-2015-8839,CVE-2015-8970,CVE-2016-10088,CVE-2016-10147,CVE-2016-10200,CVE-2016-6213,CVE-2016-7042,CVE-2016-7097,CVE-2016-8645,CVE-2016-9576,CVE-2016-9588,CVE-2016-9604,CVE-2016-9685,CVE-2016-9806,CVE-2017-2596,CVE-2017-2647,CVE-2017-2671,CVE-2017-5970,CVE-2017-6001,CVE-2017-6951,CVE-2017-7187,CVE-2017-7616,CVE-2017-7889,CVE-2017-8797,CVE-2017-8890,CVE-2017-9074

Red Hat Security Advisory 2017-1842-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:1842-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1842
Issue date:        2017-08-01
CVE Names:         CVE-2014-7970 CVE-2014-7975 CVE-2015-8839 
                   CVE-2015-8970 CVE-2016-10088 CVE-2016-10147 
                   CVE-2016-10200 CVE-2016-6213 CVE-2016-7042 
                   CVE-2016-7097 CVE-2016-8645 CVE-2016-9576 
                   CVE-2016-9588 CVE-2016-9604 CVE-2016-9685 
                   CVE-2016-9806 CVE-2017-2596 CVE-2017-2647 
                   CVE-2017-2671 CVE-2017-5970 CVE-2017-6001 
                   CVE-2017-6951 CVE-2017-7187 CVE-2017-7616 
                   CVE-2017-7889 CVE-2017-8797 CVE-2017-8890 
                   CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 
                   CVE-2017-9077 CVE-2017-9242 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A use-after-free flaw was found in the Linux kernel which enables a race
condition in the L2TPv3 IP Encapsulation feature. A local user could use
this flaw to escalate their privileges or crash the system.
(CVE-2016-10200, Important)

* A flaw was found that can be triggered in keyring_search_iterator in
keyring.c if type->match is NULL. A local user could use this flaw to crash
the system or, potentially, escalate their privileges. (CVE-2017-2647,
Important)

* It was found that the NFSv4 server in the Linux kernel did not properly
validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO
operands. A remote attacker could use this flaw to soft-lockup the system
and thus cause denial of service. (CVE-2017-8797, Important)

This update also fixes multiple Moderate and Low impact security issues:

* CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042,
CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806,
CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671,
CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616,
CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075,
CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242,
CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685

Documentation for these issues is available from the Release Notes document
linked from the References section.

Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin
(Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily
Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting
CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596.
The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the
CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan
Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by
Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David
Howells (Red Hat).

Additional Changes:

For detailed information on other changes in this release, see the Red Hat
Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1151095 - CVE-2014-7970 Kernel: fs: VFS denial of service
1151108 - CVE-2014-7975 Kernel: fs: umount denial of service
1178491 - intel_rapl: no valid rapl domains found in package 0"
1283257 - [RFE] IOMMU support in Vhost-net
1322495 - CVE-2016-6213 kernel: user namespace: unlimited consumed of kernel mount resources [rhel-7.4]
1323577 - CVE-2015-8839 kernel: ext4 filesystem page fault race condition with fallocate call.
1330000 - kernel: Backport getrandom system call
1349647 - NFS client may keep phantom directory entry in dcache when rename is canceled
1352741 - tx array support in tun
1356471 - CVE-2016-6213 kernel: Overflowing kernel mount table using shared bind mount
1368577 - kernel crash after a few hours/days with NFS 4.1 and 4.2 enabled
1368938 - CVE-2016-7097 kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit
1371693 - Processes on nfs client have very high cpu usage in rpcauth_lookup_credcache
1371714 - btrfs module init creates a useless file in /sys/kernel/debug with 0666 permissions
1373966 - CVE-2016-7042 kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled
1378656 - [LLNL 7.4 Bug] Serious Performance regression with NATed IPoIB connected mode
1383739 - BUG: Dentry ffff880232eeacc0{i=800fe1,n=f290} still in use (1)
1386286 - CVE-2015-8970 kernel: crypto: GPF in lrw_crypt caused by null-deref
1389433 - CVE-2016-9604 kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user
1391299 - [LLNL 7.4 Bug] Crash in Infiniband rdmavt layer when kernel consumer exhausts queue pairs
1393904 - CVE-2016-8645 kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c
1394089 - [LLNL 7.4 Bug] 7.3 regression: the kernel does not create the /sys/block/<sd device>/devices/enclosure_device symlinks
1395104 - pci 0000:ff:1e.3: [Firmware Bug]: reg 0x10: invalid BAR (can't size)
1396578 - RFE: Backport virtio-net multi-queue enablement by default patch
1396941 - CVE-2016-9685 kernel: Memory leaks in xfs_attr_list.c error paths
1399830 - GFS2: fallocate error message during gfs2_grow
1401433 - Vhost tx batching
1401436 - lockless en-queuing for vhost
1401502 - CVE-2016-9806 kernel: netlink: double-free in netlink_dump
1403145 - CVE-2016-9576 kernel: Use after free in SCSI generic device interface
1404200 - CVE-2016-10147 kernel: Kernel crash by spawning mcrypt(alg) with incompatible algorithm
1404924 - CVE-2016-9588 Kernel: kvm: nVMX: uncaught software exceptions in L1 guest leads to DoS
1406885 - server supports labeled NFS by default
1412210 - CVE-2016-10088 kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression)
1412234 - extend virtio-net to expose host MTU to guest
1415780 - File permissions are not getting set as expected on nfs v4.0 mount
1416532 - Symlinks removed and replaced on an nfs mount from another system receive STALE nfs error and EIO from readlink()
1417812 - CVE-2017-2596 Kernel: kvm: page reference leakage in handle_vmon
1418962 - Broken net:[...] instead of path for net namespaces in /proc/self/mounts
1421638 - CVE-2017-5970 kernel: ipv4: Invalid IP options could cause skb->dst drop
1422825 - CVE-2017-6001 kernel: Race condition between multiple sys_perf_event_open() calls
1424076 - vxlan: performance can suffer unless GRO is disabled on vxlan interface
1428353 - CVE-2017-2647 kernel: Null pointer dereference in search_keyring
1428684 - RFE: Backport of ICMP ratelimit fixes.
1428973 - PANIC: "kernel BUG at fs/ceph/addr.c:91!"
1430225 - kernel: fix crash in uio_release
1430347 - CVE-2016-10200 kernel: l2tp: Race condition in the L2TPv3 IP encapsulation feature
1433252 - CVE-2017-6951 kernel: NULL pointer dereference in keyring_search_aux function
1433831 - NVMe SSD fails to initialize on AWS i3.4xlarge instances
1434327 - CVE-2017-7187 kernel: scsi: Stack-based buffer overflow in sg_ioctl function
1436649 - CVE-2017-2671 kernel: ping socket / AF_LLC connect() sin_family race
1441088 - CVE-2017-7616 kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c
1443999 - Deadlock in reshape on single core machine
1444493 - CVE-2017-7889 kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism
1445054 - Setting ipv6.disable=1 prevents both IPv4 and IPv6 socket opening for VXLAN tunnels
1448312 - kernel panics in mce_register_decode_chain when booted on qemu
1450203 - Irrelevant upper layer protocol traffic may erroneously "confirm" neigh entries
1450972 - CVE-2017-8890 kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c
1452679 - CVE-2017-9074 kernel: net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option
1452688 - CVE-2017-9076 kernel: net: IPv6 DCCP implementation mishandles inheritance
1452691 - CVE-2017-9075 kernel: net: sctp_v6_create_accept_sk function mishandles inheritance
1452744 - CVE-2017-9077 kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance
1456388 - CVE-2017-9242 kernel: Incorrect overwrite check in __ip6_append_data()
1463241 - rlimit_stack problems after update to 3.10.0-514.21.2.el7, and  JVM Crash after updating to kernel-3.10.0-514.21.2.el7.x86_64
1466329 - CVE-2017-8797 kernel: NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-693.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.el7.noarch.rpm
kernel-doc-3.10.0-693.el7.noarch.rpm

x86_64:
kernel-3.10.0-693.el7.x86_64.rpm
kernel-debug-3.10.0-693.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.el7.x86_64.rpm
kernel-devel-3.10.0-693.el7.x86_64.rpm
kernel-headers-3.10.0-693.el7.x86_64.rpm
kernel-tools-3.10.0-693.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.el7.x86_64.rpm
perf-3.10.0-693.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.el7.x86_64.rpm
python-perf-3.10.0-693.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-693.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.el7.noarch.rpm
kernel-doc-3.10.0-693.el7.noarch.rpm

x86_64:
kernel-3.10.0-693.el7.x86_64.rpm
kernel-debug-3.10.0-693.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.el7.x86_64.rpm
kernel-devel-3.10.0-693.el7.x86_64.rpm
kernel-headers-3.10.0-693.el7.x86_64.rpm
kernel-tools-3.10.0-693.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.el7.x86_64.rpm
perf-3.10.0-693.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.el7.x86_64.rpm
python-perf-3.10.0-693.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-693.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.el7.noarch.rpm
kernel-doc-3.10.0-693.el7.noarch.rpm

ppc64:
kernel-3.10.0-693.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-693.el7.ppc64.rpm
kernel-debug-3.10.0-693.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-693.el7.ppc64.rpm
kernel-debug-devel-3.10.0-693.el7.ppc64.rpm
kernel-debuginfo-3.10.0-693.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-693.el7.ppc64.rpm
kernel-devel-3.10.0-693.el7.ppc64.rpm
kernel-headers-3.10.0-693.el7.ppc64.rpm
kernel-tools-3.10.0-693.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-693.el7.ppc64.rpm
kernel-tools-libs-3.10.0-693.el7.ppc64.rpm
perf-3.10.0-693.el7.ppc64.rpm
perf-debuginfo-3.10.0-693.el7.ppc64.rpm
python-perf-3.10.0-693.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-693.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-693.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-693.el7.ppc64le.rpm
kernel-debug-3.10.0-693.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-693.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.el7.ppc64le.rpm
kernel-devel-3.10.0-693.el7.ppc64le.rpm
kernel-headers-3.10.0-693.el7.ppc64le.rpm
kernel-tools-3.10.0-693.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-693.el7.ppc64le.rpm
perf-3.10.0-693.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.el7.ppc64le.rpm
python-perf-3.10.0-693.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.el7.ppc64le.rpm

s390x:
kernel-3.10.0-693.el7.s390x.rpm
kernel-debug-3.10.0-693.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-693.el7.s390x.rpm
kernel-debug-devel-3.10.0-693.el7.s390x.rpm
kernel-debuginfo-3.10.0-693.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-693.el7.s390x.rpm
kernel-devel-3.10.0-693.el7.s390x.rpm
kernel-headers-3.10.0-693.el7.s390x.rpm
kernel-kdump-3.10.0-693.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-693.el7.s390x.rpm
kernel-kdump-devel-3.10.0-693.el7.s390x.rpm
perf-3.10.0-693.el7.s390x.rpm
perf-debuginfo-3.10.0-693.el7.s390x.rpm
python-perf-3.10.0-693.el7.s390x.rpm
python-perf-debuginfo-3.10.0-693.el7.s390x.rpm

x86_64:
kernel-3.10.0-693.el7.x86_64.rpm
kernel-debug-3.10.0-693.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.el7.x86_64.rpm
kernel-devel-3.10.0-693.el7.x86_64.rpm
kernel-headers-3.10.0-693.el7.x86_64.rpm
kernel-tools-3.10.0-693.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.el7.x86_64.rpm
perf-3.10.0-693.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.el7.x86_64.rpm
python-perf-3.10.0-693.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
kernel-doc-3.10.0-693.el7.noarch.rpm

ppc64:
kernel-debug-debuginfo-3.10.0-693.el7.ppc64.rpm
kernel-debuginfo-3.10.0-693.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-693.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-693.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-693.el7.ppc64.rpm
perf-debuginfo-3.10.0-693.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-693.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-693.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-693.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-693.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-693.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.el7.noarch.rpm
kernel-doc-3.10.0-693.el7.noarch.rpm

x86_64:
kernel-3.10.0-693.el7.x86_64.rpm
kernel-debug-3.10.0-693.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.el7.x86_64.rpm
kernel-devel-3.10.0-693.el7.x86_64.rpm
kernel-headers-3.10.0-693.el7.x86_64.rpm
kernel-tools-3.10.0-693.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.el7.x86_64.rpm
perf-3.10.0-693.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.el7.x86_64.rpm
python-perf-3.10.0-693.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-7970
https://access.redhat.com/security/cve/CVE-2014-7975
https://access.redhat.com/security/cve/CVE-2015-8839
https://access.redhat.com/security/cve/CVE-2015-8970
https://access.redhat.com/security/cve/CVE-2016-10088
https://access.redhat.com/security/cve/CVE-2016-10147
https://access.redhat.com/security/cve/CVE-2016-10200
https://access.redhat.com/security/cve/CVE-2016-6213
https://access.redhat.com/security/cve/CVE-2016-7042
https://access.redhat.com/security/cve/CVE-2016-7097
https://access.redhat.com/security/cve/CVE-2016-8645
https://access.redhat.com/security/cve/CVE-2016-9576
https://access.redhat.com/security/cve/CVE-2016-9588
https://access.redhat.com/security/cve/CVE-2016-9604
https://access.redhat.com/security/cve/CVE-2016-9685
https://access.redhat.com/security/cve/CVE-2016-9806
https://access.redhat.com/security/cve/CVE-2017-2596
https://access.redhat.com/security/cve/CVE-2017-2647
https://access.redhat.com/security/cve/CVE-2017-2671
https://access.redhat.com/security/cve/CVE-2017-5970
https://access.redhat.com/security/cve/CVE-2017-6001
https://access.redhat.com/security/cve/CVE-2017-6951
https://access.redhat.com/security/cve/CVE-2017-7187
https://access.redhat.com/security/cve/CVE-2017-7616
https://access.redhat.com/security/cve/CVE-2017-7889
https://access.redhat.com/security/cve/CVE-2017-8797
https://access.redhat.com/security/cve/CVE-2017-8890
https://access.redhat.com/security/cve/CVE-2017-9074
https://access.redhat.com/security/cve/CVE-2017-9075
https://access.redhat.com/security/cve/CVE-2017-9076
https://access.redhat.com/security/cve/CVE-2017-9077
https://access.redhat.com/security/cve/CVE-2017-9242
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZgN42XlSAg2UNWIIRAs7YAJ40sOdTU/cmA6d/QzYuwiIuALwLiACeLnD9
btHpt1cpE4kDzP3myDfyghI=
=685v
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability information (F143610)

Red Hat Security Advisory 2017-2077-01 (PacketStormID:F143610)
2017-08-02 00:00:00
Red Hat  
advisory,kernel,local
linux,redhat
CVE-2014-7970,CVE-2014-7975,CVE-2015-8839,CVE-2015-8970,CVE-2016-10088,CVE-2016-10147,CVE-2016-10200,CVE-2016-6213,CVE-2016-7042,CVE-2016-7097,CVE-2016-8645,CVE-2016-9576,CVE-2016-9588,CVE-2016-9604,CVE-2016-9685,CVE-2016-9806,CVE-2017-2596,CVE-2017-2647,CVE-2017-2671,CVE-2017-5970,CVE-2017-6001,CVE-2017-6951,CVE-2017-7187,CVE-2017-7616,CVE-2017-7889,CVE-2017-8797,CVE-2017-8890,CVE-2017-9074

Red Hat Security Advisory 2017-2077-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:2077-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2077
Issue date:        2017-08-01
CVE Names:         CVE-2014-7970 CVE-2014-7975 CVE-2015-8839 
                   CVE-2015-8970 CVE-2016-10088 CVE-2016-10147 
                   CVE-2016-10200 CVE-2016-6213 CVE-2016-7042 
                   CVE-2016-7097 CVE-2016-8645 CVE-2016-9576 
                   CVE-2016-9588 CVE-2016-9604 CVE-2016-9685 
                   CVE-2016-9806 CVE-2017-2596 CVE-2017-2647 
                   CVE-2017-2671 CVE-2017-5970 CVE-2017-6001 
                   CVE-2017-6951 CVE-2017-7187 CVE-2017-7616 
                   CVE-2017-7889 CVE-2017-8797 CVE-2017-8890 
                   CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 
                   CVE-2017-9077 CVE-2017-9242 
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A use-after-free flaw was found in the Linux kernel which enables a race
condition in the L2TPv3 IP Encapsulation feature. A local user could use
this flaw to escalate their privileges or crash the system.
(CVE-2016-10200, Important)

* A flaw was found that can be triggered in keyring_search_iterator in
keyring.c if type->match is NULL. A local user could use this flaw to crash
the system or, potentially, escalate their privileges. (CVE-2017-2647,
Important)

* It was found that the NFSv4 server in the Linux kernel did not properly
validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO
operands. A remote attacker could use this flaw to soft-lockup the system
and thus cause denial of service. (CVE-2017-8797, Important)

This update also fixes multiple Moderate and Low impact security issues:

* CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042,
CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806,
CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671,
CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616,
CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075,
CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242,
CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685

Documentation for these issues is available from the Release Notes document
linked from the References section.

Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin
(Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily
Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting
CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596.
The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the
CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan
Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by
Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David
Howells (Red Hat).

Additional Changes:

For detailed information on other changes in this release, see the Red Hat
Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1151095 - CVE-2014-7970 Kernel: fs: VFS denial of service
1151108 - CVE-2014-7975 Kernel: fs: umount denial of service
1323577 - CVE-2015-8839 kernel: ext4 filesystem page fault race condition with fallocate call.
1356471 - CVE-2016-6213 kernel: Overflowing kernel mount table using shared bind mount
1368938 - CVE-2016-7097 kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit
1373966 - CVE-2016-7042 kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled
1377840 - kernel-rt: update to the RHEL7.3.z batch#1 source tree
1378172 - KVM-RT: halting and starting guests cause latency spikes
1386286 - CVE-2015-8970 kernel: crypto: GPF in lrw_crypt caused by null-deref
1389215 - RT kernel panics with dm-multipath enabled
1389433 - CVE-2016-9604 kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user
1393904 - CVE-2016-8645 kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c
1396941 - CVE-2016-9685 kernel: Memory leaks in xfs_attr_list.c error paths
1400188 - kernel-rt: update to the RHEL7.3.z batch#2 source tree
1401502 - CVE-2016-9806 kernel: netlink: double-free in netlink_dump
1403145 - CVE-2016-9576 kernel: Use after free in SCSI generic device interface
1404200 - CVE-2016-10147 kernel: Kernel crash by spawning mcrypt(alg) with incompatible algorithm
1404924 - CVE-2016-9588 Kernel: kvm: nVMX: uncaught software exceptions in L1 guest leads to DoS
1412210 - CVE-2016-10088 kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression)
1414052 - kernel-rt: update to the RHEL7.3.z batch#3 source tree
1417812 - CVE-2017-2596 Kernel: kvm: page reference leakage in handle_vmon
1421638 - CVE-2017-5970 kernel: ipv4: Invalid IP options could cause skb->dst drop
1421801 - [rt] update driver modifications from upstream PREEMPT_RT patchset
1421810 - [rt] implement the simple work queue from upstream PREEMPT_RT series
1422825 - CVE-2017-6001 kernel: Race condition between multiple sys_perf_event_open() calls
1425780 - latencyhist: disable jump-labels
1426661 - BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:915
1427626 - [rt] x86_64 specific updates from upstream PREEMPT_RT patchset
1427647 - [rt] dump stack: don't disable preemption during trace
1427991 - lockdep: selftest: fix warnings due to missing PREEMPT_RT conditionals
1428353 - CVE-2017-2647 kernel: Null pointer dereference in search_keyring
1428890 - update softirq: Check preemption after reenabling interrupts
1428943 - Consider backport "ftrace: Fix trace header alignment"
1429610 - kernel-rt: update to the RHEL7.3.z batch#4 source tree
1429640 - [rt] ipc/msg: Implement lockless pipelined wakeups
1429951 - [rt] fs: dcache: Use cpu_chill() in trylock loops
1429977 - workqueue: use rcu_readlock() in put_pwq_unlocked()
1430023 - snd/pcm: fix snd_pcm_stream_lock*() irqs_disabled() splats
1430038 - Add missing hunk for upstream skbufhead-raw-lock RT patches
1430074 - Backport "net: dev: always take qdisc's busylock in __dev_xmit_skb" upstream RT patch
1430347 - CVE-2016-10200 kernel: l2tp: Race condition in the L2TPv3 IP encapsulation feature
1430353 - net: add back the missing serialization in  ip_send_unicast_reply()
1430926 - percpu_ida: Use local locks
1430946 - sas-ata/isci: dont't disable interrupts in qc_issue handler
1431104 - cpu hotplug: Document why PREEMPT_RT uses a spinlock
1432118 - hotplug: Use set_cpus_allowed_ptr() in sync_unplug_thread()
1433252 - CVE-2017-6951 kernel: NULL pointer dereference in keyring_search_aux function
1434327 - CVE-2017-7187 kernel: scsi: Stack-based buffer overflow in sg_ioctl function
1434616 - CPU hotplug causes lglock to be taken from atomic context
1436649 - CVE-2017-2671 kernel: ping socket / AF_LLC connect() sin_family race
1438512 - [rt] pull patchset that lifts single reader restriction on rwsems
1441088 - CVE-2017-7616 kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c
1441552 - kernel BUG at kernel/sched/rt.c:2021!
1444493 - CVE-2017-7889 kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism
1450972 - CVE-2017-8890 kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c
1452240 - kvmgt.ko needs unknown symbol
1452679 - CVE-2017-9074 kernel: net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option
1452688 - CVE-2017-9076 kernel: net: IPv6 DCCP implementation mishandles inheritance
1452691 - CVE-2017-9075 kernel: net: sctp_v6_create_accept_sk function mishandles inheritance
1452744 - CVE-2017-9077 kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance
1456388 - CVE-2017-9242 kernel: Incorrect overwrite check in __ip6_append_data()
1459056 - Boot/Shutdown RT guest with kernel-rt-debug will cause "BUG: sleeping function called from invalid context at kernel/rtmutex.c:818"
1466329 - CVE-2017-8797 kernel: NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-693.rt56.617.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-693.rt56.617.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-debug-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-devel-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-trace-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-693.rt56.617.el7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 7):

Source:
kernel-rt-3.10.0-693.rt56.617.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-693.rt56.617.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-debug-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-devel-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-trace-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-693.rt56.617.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-693.rt56.617.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-7970
https://access.redhat.com/security/cve/CVE-2014-7975
https://access.redhat.com/security/cve/CVE-2015-8839
https://access.redhat.com/security/cve/CVE-2015-8970
https://access.redhat.com/security/cve/CVE-2016-10088
https://access.redhat.com/security/cve/CVE-2016-10147
https://access.redhat.com/security/cve/CVE-2016-10200
https://access.redhat.com/security/cve/CVE-2016-6213
https://access.redhat.com/security/cve/CVE-2016-7042
https://access.redhat.com/security/cve/CVE-2016-7097
https://access.redhat.com/security/cve/CVE-2016-8645
https://access.redhat.com/security/cve/CVE-2016-9576
https://access.redhat.com/security/cve/CVE-2016-9588
https://access.redhat.com/security/cve/CVE-2016-9604
https://access.redhat.com/security/cve/CVE-2016-9685
https://access.redhat.com/security/cve/CVE-2016-9806
https://access.redhat.com/security/cve/CVE-2017-2596
https://access.redhat.com/security/cve/CVE-2017-2647
https://access.redhat.com/security/cve/CVE-2017-2671
https://access.redhat.com/security/cve/CVE-2017-5970
https://access.redhat.com/security/cve/CVE-2017-6001
https://access.redhat.com/security/cve/CVE-2017-6951
https://access.redhat.com/security/cve/CVE-2017-7187
https://access.redhat.com/security/cve/CVE-2017-7616
https://access.redhat.com/security/cve/CVE-2017-7889
https://access.redhat.com/security/cve/CVE-2017-8797
https://access.redhat.com/security/cve/CVE-2017-8890
https://access.redhat.com/security/cve/CVE-2017-9074
https://access.redhat.com/security/cve/CVE-2017-9075
https://access.redhat.com/security/cve/CVE-2017-9076
https://access.redhat.com/security/cve/CVE-2017-9077
https://access.redhat.com/security/cve/CVE-2017-9242
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZgNAjXlSAg2UNWIIRAuryAKC6c1FniVFNtFP/MFvItZ4NwaxbFACgnu9I
keucu1D/rxOBxOL12VhQztA=
=uyJd
-----END PGP SIGNATURE-----

    

- Vulnerability information (F144031)

Red Hat Security Advisory 2017-2669-01 (PacketStormID:F144031)
2017-09-06 00:00:00
Red Hat  
advisory,kernel
linux,redhat
CVE-2015-8839,CVE-2016-10088,CVE-2016-7042,CVE-2016-7097,CVE-2016-8645,CVE-2016-9576,CVE-2016-9604,CVE-2016-9685,CVE-2016-9806,CVE-2017-2671,CVE-2017-5970,CVE-2017-6001,CVE-2017-6951,CVE-2017-7187,CVE-2017-7533,CVE-2017-7889,CVE-2017-8797,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077

Red Hat Security Advisory 2017-2669-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race, the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to privilege escalation.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2017:2669-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2669
Issue date:        2017-09-06
CVE Names:         CVE-2015-8839 CVE-2016-10088 CVE-2016-7042 
                   CVE-2016-7097 CVE-2016-8645 CVE-2016-9576 
                   CVE-2016-9604 CVE-2016-9685 CVE-2016-9806 
                   CVE-2017-2671 CVE-2017-5970 CVE-2017-6001 
                   CVE-2017-6951 CVE-2017-7187 CVE-2017-7533 
                   CVE-2017-7889 CVE-2017-8797 CVE-2017-8890 
                   CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 
                   CVE-2017-9077 
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A race condition was found in the Linux kernel, present since v3.14-rc1
through v4.12. The race happens between threads of inotify_handle_event()
and vfs_rename() while running the rename operation against the same file.
As a result of the race, the next slab data or the slab's free list pointer
can be corrupted with attacker-controlled data, which may lead to
privilege escalation. (CVE-2017-7533, Important)

* It was found that the NFSv4 server in the Linux kernel did not properly
validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO
operands. A remote attacker could use this flaw to soft-lockup the system
and thus cause denial of service. (CVE-2017-8797, Important)

This update also fixes multiple Moderate and Low impact security issues:

CVE-2017-8797 CVE-2015-8839 CVE-2016-9576 CVE-2016-7042 CVE-2016-7097
CVE-2016-8645 CVE-2016-9576 CVE-2016-9806 CVE-2016-10088 CVE-2017-2671
CVE-2017-5970 CVE-2017-6001 CVE-2017-6951 CVE-2017-7187 CVE-2017-7889
CVE-2017-8890 CVE-2017-9074 CVE-2017-8890 CVE-2017-9075 CVE-2017-8890
CVE-2017-9076 CVE-2017-8890 CVE-2017-9077 CVE-2016-9604 CVE-2016-9685

Documentation for these issues is available from the Technical Notes
document linked to in the References section.

Red Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The
University of Hong Kong), and Shixiong Zhao (The University of Hong Kong)
for reporting CVE-2017-7533 and Marco Grassi for reporting CVE-2016-8645.
The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the
CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan
Kara (SUSE); the CVE-2016-9604 issue was discovered by David Howells (Red
Hat); and the CVE-2016-9685 issue was discovered by Qian Cai (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1323577 - CVE-2015-8839 kernel: ext4 filesystem page fault race condition with fallocate call.
1368938 - CVE-2016-7097 kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit
1373966 - CVE-2016-7042 kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled
1389433 - CVE-2016-9604 kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user
1393904 - CVE-2016-8645 kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c
1396941 - CVE-2016-9685 kernel: Memory leaks in xfs_attr_list.c error paths
1401502 - CVE-2016-9806 kernel: netlink: double-free in netlink_dump
1403145 - CVE-2016-9576 kernel: Use after free in SCSI generic device interface
1412210 - CVE-2016-10088 kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression)
1421638 - CVE-2017-5970 kernel: ipv4: Invalid IP options could cause skb->dst drop
1422825 - CVE-2017-6001 kernel: Race condition between multiple sys_perf_event_open() calls
1433252 - CVE-2017-6951 kernel: NULL pointer dereference in keyring_search_aux function
1434327 - CVE-2017-7187 kernel: scsi: Stack-based buffer overflow in sg_ioctl function
1436649 - CVE-2017-2671 kernel: ping socket / AF_LLC connect() sin_family race
1444493 - CVE-2017-7889 kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism
1450972 - CVE-2017-8890 kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c
1452679 - CVE-2017-9074 kernel: net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option
1452688 - CVE-2017-9076 kernel: net: IPv6 DCCP implementation mishandles inheritance
1452691 - CVE-2017-9075 kernel: net: sctp_v6_create_accept_sk function mishandles inheritance
1452744 - CVE-2017-9077 kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance
1466329 - CVE-2017-8797 kernel: NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand
1468283 - CVE-2017-7533 kernel: a race between inotify_handle_event() and sys_rename()
1479016 - update the MRG 2.5.z 3.10 kernel-rt sources

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
kernel-rt-3.10.0-693.2.1.rt56.585.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.0-693.2.1.rt56.585.el6rt.noarch.rpm
kernel-rt-firmware-3.10.0-693.2.1.rt56.585.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.0-693.2.1.rt56.585.el6rt.x86_64.rpm
kernel-rt-debug-3.10.0-693.2.1.rt56.585.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-693.2.1.rt56.585.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.0-693.2.1.rt56.585.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.0-693.2.1.rt56.585.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-693.2.1.rt56.585.el6rt.x86_64.rpm
kernel-rt-devel-3.10.0-693.2.1.rt56.585.el6rt.x86_64.rpm
kernel-rt-trace-3.10.0-693.2.1.rt56.585.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-693.2.1.rt56.585.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.0-693.2.1.rt56.585.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.0-693.2.1.rt56.585.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.0-693.2.1.rt56.585.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.0-693.2.1.rt56.585.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8839
https://access.redhat.com/security/cve/CVE-2016-10088
https://access.redhat.com/security/cve/CVE-2016-7042
https://access.redhat.com/security/cve/CVE-2016-7097
https://access.redhat.com/security/cve/CVE-2016-8645
https://access.redhat.com/security/cve/CVE-2016-9576
https://access.redhat.com/security/cve/CVE-2016-9604
https://access.redhat.com/security/cve/CVE-2016-9685
https://access.redhat.com/security/cve/CVE-2016-9806
https://access.redhat.com/security/cve/CVE-2017-2671
https://access.redhat.com/security/cve/CVE-2017-5970
https://access.redhat.com/security/cve/CVE-2017-6001
https://access.redhat.com/security/cve/CVE-2017-6951
https://access.redhat.com/security/cve/CVE-2017-7187
https://access.redhat.com/security/cve/CVE-2017-7533
https://access.redhat.com/security/cve/CVE-2017-7889
https://access.redhat.com/security/cve/CVE-2017-8797
https://access.redhat.com/security/cve/CVE-2017-8890
https://access.redhat.com/security/cve/CVE-2017-9074
https://access.redhat.com/security/cve/CVE-2017-9075
https://access.redhat.com/security/cve/CVE-2017-9076
https://access.redhat.com/security/cve/CVE-2017-9077
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/3173821

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZsFzhXlSAg2UNWIIRAk+ZAKCwZxxwdwsC61XBWx+e7/5bv0SOTACggHCK
2JbsDPSU1D6buN+KOzji9XY=
=5QkH
-----END PGP SIGNATURE-----

    

- Vulnerability information (F144229)

Ubuntu Security Notice USN-3422-2 (PacketStormID:F144229)
2017-09-19 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,overflow,kernel,vulnerability
linux,ubuntu
CVE-2016-10044,CVE-2016-10200,CVE-2016-7097,CVE-2016-8650,CVE-2016-9083,CVE-2016-9084,CVE-2016-9178,CVE-2016-9191,CVE-2016-9604,CVE-2016-9754,CVE-2017-1000251,CVE-2017-5970,CVE-2017-6214,CVE-2017-6346,CVE-2017-6951,CVE-2017-7187,CVE-2017-7472,CVE-2017-7541

Ubuntu Security Notice 3422-2 - USN-3422-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3422-2
September 18, 2017

linux-lts-trusty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM

Details:

USN-3422-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that the asynchronous I/O (aio) subsystem of the Linux
kernel did not properly set permissions on aio memory mappings in some
situations. An attacker could use this to more easily exploit other
vulnerabilities. (CVE-2016-10044)

Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3
IP Encapsulation implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2016-10200)

Andreas Gruenbacher and Jan Kara discovered that the filesystem
implementation in the Linux kernel did not clear the setgid bit during a
setxattr call. A local attacker could use this to possibly elevate group
privileges. (CVE-2016-7097)

Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered that the
key management subsystem in the Linux kernel did not properly allocate
memory in some situations. A local attacker could use this to cause a
denial of service (system crash). (CVE-2016-8650)

Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO
PCI driver for the Linux kernel. A local attacker with access to a vfio PCI
device file could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)

It was discovered that an information leak existed in __get_user_asm_ex()
in the Linux kernel. A local attacker could use this to expose sensitive
information. (CVE-2016-9178)

CAI Qian discovered that the sysctl implementation in the Linux kernel did
not properly perform reference counting in some situations. An unprivileged
attacker could use this to cause a denial of service (system hang).
(CVE-2016-9191)

It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)

It was discovered that an integer overflow existed in the trace subsystem
of the Linux kernel. A local privileged attacker could use this to cause a
denial of service (system crash). (CVE-2016-9754)

Andrey Konovalov discovered that the IPv4 implementation in the Linux
kernel did not properly handle invalid IP options in some situations. An
attacker could use this to cause a denial of service or possibly execute
arbitrary code. (CVE-2017-5970)

Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP
packets with the URG flag. A remote attacker could use this to cause a
denial of service. (CVE-2017-6214)

It was discovered that a race condition existed in the AF_PACKET handling
code in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-6346)

It was discovered that the keyring implementation in the Linux kernel did
not properly restrict searches for dead keys. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-6951)

Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux
kernel contained a stack-based buffer overflow. A local attacker with
access to an sg device could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2017-7187)

Eric Biggers discovered a memory leak in the keyring implementation in the
Linux kernel. A local attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-7472)

It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  linux-image-3.13.0-132-generic  3.13.0-132.181~precise1
  linux-image-3.13.0-132-generic-lpae  3.13.0-132.181~precise1
  linux-image-generic-lpae-lts-trusty  3.13.0.132.122
  linux-image-generic-lts-trusty  3.13.0.132.122

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3422-2
  https://www.ubuntu.com/usn/usn-3422-1
  CVE-2016-10044, CVE-2016-10200, CVE-2016-7097, CVE-2016-8650,
  CVE-2016-9083, CVE-2016-9084, CVE-2016-9178, CVE-2016-9191,
  CVE-2016-9604, CVE-2016-9754, CVE-2017-1000251, CVE-2017-5970,
  CVE-2017-6214, CVE-2017-6346, CVE-2017-6951, CVE-2017-7187,
  CVE-2017-7472, CVE-2017-7541

    

- Vulnerability information (F144227)

Ubuntu Security Notice USN-3422-1 (PacketStormID:F144227)
2017-09-19 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,overflow,kernel,vulnerability
linux,ubuntu
CVE-2016-10044,CVE-2016-10200,CVE-2016-7097,CVE-2016-8650,CVE-2016-9083,CVE-2016-9084,CVE-2016-9178,CVE-2016-9191,CVE-2016-9604,CVE-2016-9754,CVE-2017-1000251,CVE-2017-5970,CVE-2017-6214,CVE-2017-6346,CVE-2017-6951,CVE-2017-7187,CVE-2017-7472,CVE-2017-7541

Ubuntu Security Notice 3422-1 - It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service. It was discovered that the asynchronous I/O subsystem of the Linux kernel did not properly set permissions on aio memory mappings in some situations. An attacker could use this to more easily exploit other vulnerabilities. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3422-1
September 18, 2017

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that the asynchronous I/O (aio) subsystem of the Linux
kernel did not properly set permissions on aio memory mappings in some
situations. An attacker could use this to more easily exploit other
vulnerabilities. (CVE-2016-10044)

Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3
IP Encapsulation implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2016-10200)

Andreas Gruenbacher and Jan Kara discovered that the filesystem
implementation in the Linux kernel did not clear the setgid bit during a
setxattr call. A local attacker could use this to possibly elevate group
privileges. (CVE-2016-7097)

Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered that the
key management subsystem in the Linux kernel did not properly allocate
memory in some situations. A local attacker could use this to cause a
denial of service (system crash). (CVE-2016-8650)

Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO
PCI driver for the Linux kernel. A local attacker with access to a vfio PCI
device file could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)

It was discovered that an information leak existed in __get_user_asm_ex()
in the Linux kernel. A local attacker could use this to expose sensitive
information. (CVE-2016-9178)

CAI Qian discovered that the sysctl implementation in the Linux kernel did
not properly perform reference counting in some situations. An unprivileged
attacker could use this to cause a denial of service (system hang).
(CVE-2016-9191)

It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)

It was discovered that an integer overflow existed in the trace subsystem
of the Linux kernel. A local privileged attacker could use this to cause a
denial of service (system crash). (CVE-2016-9754)

Andrey Konovalov discovered that the IPv4 implementation in the Linux
kernel did not properly handle invalid IP options in some situations. An
attacker could use this to cause a denial of service or possibly execute
arbitrary code. (CVE-2017-5970)

Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP
packets with the URG flag. A remote attacker could use this to cause a
denial of service. (CVE-2017-6214)

It was discovered that a race condition existed in the AF_PACKET handling
code in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-6346)

It was discovered that the keyring implementation in the Linux kernel did
not properly restrict searches for dead keys. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-6951)

Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux
kernel contained a stack-based buffer overflow. A local attacker with
access to an sg device could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2017-7187)

Eric Biggers discovered a memory leak in the keyring implementation in the
Linux kernel. A local attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-7472)

It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  linux-image-3.13.0-132-generic  3.13.0-132.181
  linux-image-3.13.0-132-generic-lpae  3.13.0-132.181
  linux-image-3.13.0-132-lowlatency  3.13.0-132.181
  linux-image-3.13.0-132-powerpc-e500  3.13.0-132.181
  linux-image-3.13.0-132-powerpc-e500mc  3.13.0-132.181
  linux-image-3.13.0-132-powerpc-smp  3.13.0-132.181
  linux-image-3.13.0-132-powerpc64-emb  3.13.0-132.181
  linux-image-3.13.0-132-powerpc64-smp  3.13.0-132.181
  linux-image-generic             3.13.0.132.141
  linux-image-generic-lpae        3.13.0.132.141
  linux-image-lowlatency          3.13.0.132.141
  linux-image-powerpc-e500        3.13.0.132.141
  linux-image-powerpc-e500mc      3.13.0.132.141
  linux-image-powerpc-smp         3.13.0.132.141
  linux-image-powerpc64-emb       3.13.0.132.141
  linux-image-powerpc64-smp       3.13.0.132.141

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3422-1
  CVE-2016-10044, CVE-2016-10200, CVE-2016-7097, CVE-2016-8650,
  CVE-2016-9083, CVE-2016-9084, CVE-2016-9178, CVE-2016-9191,
  CVE-2016-9604, CVE-2016-9754, CVE-2017-1000251, CVE-2017-5970,
  CVE-2017-6214, CVE-2017-6346, CVE-2017-6951, CVE-2017-7187,
  CVE-2017-7472, CVE-2017-7541

Package Information:
  https://launchpad.net/ubuntu/+source/linux/3.13.0-132.181

    

- Vulnerability information

Linux Kernel 'security/keys/keyctl.c' Local Security Bypass Vulnerability
Class: Design Error
Bugtraq ID: 102135
Remote: No
Local: Yes
Published: 2017-04-18 12:00:00
Updated: 2017-12-12 12:12:00
Credit: David Howells

- Affected software versions

Ubuntu Ubuntu Linux 17.04
Ubuntu Ubuntu Linux 16.04 LTS
Ubuntu Ubuntu Linux 14.04 LTS
Ubuntu Ubuntu Linux 12.04 LTS
Redhat Enterprise Mrg 2
Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
Oracle Linux 7
Oracle Linux 6
Linux kernel 4.10.15
Linux kernel 4.10.13
Linux kernel 4.10.12
Linux kernel 4.10.10
Linux kernel 4.10.6
Linux kernel 4.10.4
Linux kernel 4.10
Linux kernel 4.1.4
Linux kernel 4.1.1
Linux kernel 4.0.6
Linux kernel 3.19.3
Linux kernel 3.18.22
Linux kernel 3.18.17
Linux kernel 3.18.11
Linux kernel 3.18.8
Linux kernel 3.18.7
Linux kernel 3.18.3
Linux kernel 3.18.2
Linux kernel 3.18.1
Linux kernel 3.17.4
Linux kernel 3.17.2
Linux kernel 3.16.7
Linux kernel 3.16.2
Linux kernel 3.16.1
Linux kernel 3.15.10
Linux kernel 3.15.5
Linux kernel 3.15.2
Linux kernel 3.14.54
Linux kernel 3.14.45
Linux kernel 3.14.37
Linux kernel 3.14.4
Linux kernel 3.14.3
Linux kernel 3.14.2
Linux kernel 3.13.11
Linux kernel 3.13.9
Linux kernel 3.13.3
Linux kernel 3.13.1
Linux kernel 3.12.49
Linux kernel 3.12.48
Linux kernel 3.12.44
Linux kernel 3.12.40
Linux kernel 3.12.21
Linux kernel 3.12.18
Linux kernel 3.12.17
Linux kernel 3.12.16
Linux kernel 3.12.11
Linux kernel 3.12.7
Linux kernel 3.12.4
Linux kernel 3.12.3
Linux kernel 3.12.2
Linux kernel 3.11.3
Linux kernel 3.10.90
Linux kernel 3.10.81
Linux kernel 3.10.73
Linux kernel 3.10.45
Linux kernel 3.10.41
Linux kernel 3.10.38
Linux kernel 3.10.37
Linux kernel 3.10.36
Linux kernel 3.10.30
Linux kernel 3.10.27
Linux kernel 3.10.26
Linux kernel 3.10.23
Linux kernel 3.10.22
Linux kernel 3.10.21
Linux kernel 3.10.14
Linux kernel 3.10.10
Linux kernel 3.10.9
Linux kernel 3.10.7
Linux kernel 3.10
Linux kernel 3.8.6
Linux kernel 3.8.5
Linux kernel 3.8.4
Linux kernel 3.8.2
Linux kernel 3.8.1
Linux kernel 3.7.10
Linux kernel 3.7.9
Linux kernel 3.7.8
Linux kernel 3.7.7
Linux kernel 3.7.5
Linux kernel 3.7.4
Linux kernel 3.7.3
Linux kernel 3.7.2
Linux kernel 3.7.1
Linux kernel 3.6.11
Linux kernel 3.6.10
Linux kernel 3.6.9
Linux kernel 3.6.8
Linux kernel 3.6.7
Linux kernel 3.6.6
Linux kernel 3.6.5
Linux kernel 3.6.4
Linux kernel 3.6.3
Linux kernel 3.6.2
Linux kernel 3.6.1
Linux kernel 3.5.7
Linux kernel 3.5.6
Linux kernel 3.5.5
Linux kernel 3.5.4
Linux kernel 3.5.3
Linux kernel 3.5.2
Linux kernel 3.5.1
Linux kernel 3.4.88
Linux kernel 3.4.87
Linux kernel 3.4.86
Linux kernel 3.4.80
Linux kernel 3.4.76
Linux kernel 3.4.73
Linux kernel 3.4.72
Linux kernel 3.4.71
Linux kernel 3.4.64
Linux kernel 3.4.58
Linux kernel 3.4.36
Linux kernel 3.4.32
Linux kernel 3.4.31
Linux kernel 3.4.27
Linux kernel 3.4.26
Linux kernel 3.4.25
Linux kernel 3.4.21
Linux kernel 3.4.20
Linux kernel 3.4.19
Linux kernel 3.4.18
Linux kernel 3.4.17
Linux kernel 3.4.16
Linux kernel 3.4.15
Linux kernel 3.4.14
Linux kernel 3.4.13
Linux kernel 3.4.12
Linux kernel 3.4.11
Linux kernel 3.4.10
Linux kernel 3.4.9
Linux kernel 3.4.8
Linux kernel 3.4.7
Linux kernel 3.4.6
Linux kernel 3.4.5
Linux kernel 3.4.3
Linux kernel 3.4.2
Linux kernel 3.4.1
Linux kernel 3.3.5
Linux kernel 3.3.4
Linux kernel 3.3.2
Linux kernel 3.2.82
Linux kernel 3.2.72
Linux kernel 3.2.62
Linux kernel 3.2.57
Linux kernel 3.2.56
Linux kernel 3.2.51
Linux kernel 3.2.24
Linux kernel 3.2.23
Linux kernel 3.2.13
Linux kernel 3.2.12
Linux kernel 3.2.9
Linux kernel 3.2.1
Linux kernel 3.1.8
Linux kernel 3.0.98
Linux kernel 3.0.75
Linux kernel 3.0.72
Linux kernel 3.0.69
Linux kernel 3.0.65
Linux kernel 3.0.60
Linux kernel 3.0.59
Linux kernel 3.0.58
Linux kernel 3.0.37
Linux kernel 3.0.34
Linux kernel 3.0.5
Linux kernel 3.0.4
Linux kernel 3.0.2
Linux kernel 3.0.1
Linux kernel 2.6.39
Linux kernel 2.6.38
Linux kernel 2.6.37
Linux kernel 2.6.36
Linux kernel 2.6.35
Linux kernel 2.6.34
Linux kernel 2.6.33
Linux kernel 2.6.32 .9
Linux kernel 2.6.32
Linux kernel 2.6.31
Linux kernel 2.6.30
Linux kernel 2.6.29
Linux kernel 2.6.28
Linux kernel 2.6.27
Linux kernel 2.6.26
Linux kernel 2.6.25
Linux kernel 2.6.24
Linux kernel 2.6.23
Linux kernel 2.6.22
Linux kernel 2.6.21
Linux kernel 2.6.19
Linux kernel 2.6.17
Linux kernel 2.6.16
Linux kernel 2.6.15
Linux kernel 2.6.14
Linux kernel 2.6.13
Linux kernel 2.6.12
Linux kernel 2.6.11
Linux kernel 2.6.10
Linux kernel 2.6.9
Linux kernel 2.6.8
Linux kernel 2.6.7
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1
Linux kernel 2.6
Linux kernel 4.4.14
Linux kernel 4.4.1
Linux kernel 4.4.0-57
Linux kernel 4.11
Linux kernel 4.10.9
Linux kernel 4.10.8
Linux kernel 4.10.7
Linux kernel 4.10.5
Linux kernel 4.10.3
Linux kernel 4.10.2
Linux kernel 4.10.11
Linux kernel 4.10.1
Linux kernel 4.10-rc8
Linux kernel 4.10-rc1
Linux kernel 4.1.15
Linux kernel 4.1
Linux kernel 4.0.5
Linux kernel 4.0
Linux kernel 3.8
Linux kernel 3.7.6
Linux kernel 3.7
Linux kernel 3.6
Linux kernel 3.5
Linux kernel 3.4.93
Linux kernel 3.4.81
Linux kernel 3.4.70
Linux kernel 3.4.67
Linux kernel 3.4.29
Linux kernel 3.4
Linux kernel 3.3
Linux kernel 3.2.81
Linux kernel 3.2.78
Linux kernel 3.2.65
Linux kernel 3.2.64
Linux kernel 3.2.63
Linux kernel 3.2.60
Linux kernel 3.2.55
Linux kernel 3.2.54
Linux kernel 3.2.53
Linux kernel 3.2.52
Linux kernel 3.2.50
Linux kernel 3.2.44
Linux kernel 3.2.42
Linux kernel 3.2.38
Linux kernel 3.2.2
Linux kernel 3.2
Linux kernel 3.19
Linux kernel 3.18.9
Linux kernel 3.18
Linux kernel 3.17.6
Linux kernel 3.17
Linux kernel 3.16.6
Linux kernel 3.16.36
Linux kernel 3.16
Linux kernel 3.15
Linux kernel 3.14.73
Linux kernel 3.14.7
Linux kernel 3.14.5
Linux kernel 3.14-4
Linux kernel 3.14-1
Linux kernel 3.14
Linux kernel 3.13.7
Linux kernel 3.13.6
Linux kernel 3.13.5
Linux kernel 3.13.4
Linux kernel 3.13.0
Linux kernel 3.13
Linux kernel 3.12.22
Linux kernel 3.12.15
Linux kernel 3.12.14
Linux kernel 3.12.12
Linux kernel 3.12.1
Linux kernel 3.12
Linux kernel 3.11.9
Linux kernel 3.11.6
Linux kernel 3.11
Linux kernel 3.10.5
Linux kernel 3.10.43
Linux kernel 3.10.31
Linux kernel 3.10.20
Linux kernel 3.10.17
Linux kernel 3.10
Linux kernel 3.1
Linux kernel 3.0.66
Linux kernel 3.0.62
Linux kernel 3.0.18
Linux kernel 3.0
Linux kernel 2.6.38.6
Linux kernel 2.6.38.4
Linux kernel 2.6.38.3
Linux kernel 2.6.38.2
Linux kernel 2.6.37.2
Linux kernel 2.6.32.8
Linux kernel 2.6.32.7
Linux kernel 2.6.32.62
Linux kernel 2.6.32.61
Linux kernel 2.6.32.60
Linux kernel 2.6.32.6
Linux kernel 2.6.32.5
Linux kernel 2.6.32.3
Linux kernel 2.6.32.28
Linux kernel 2.6.32.15
Linux kernel 2.6.32.14
Linux kernel 2.6.32.13
Linux kernel 2.6.32.12
Linux kernel 2.6.32.11
Linux kernel 2.6.32.10
Linux kernel 2.6.32.1
Linux kernel 2.6.31.6
Linux kernel 2.6.31.4
Linux kernel 2.6.31.1
Linux kernel 2.6.30.5
Linux kernel 2.6.30.4
Linux kernel 2.6.30.3
Linux kernel 2.6.28.4
Linux kernel 2.6.28.10
Linux kernel 2.6.27.54
Linux kernel 2.6.27.51
Linux kernel 2.6.27.49
Linux kernel 2.6.27.26
Linux kernel 2.6.26.1
Linux kernel 2.6.25.4
Linux kernel 2.6.25.3
Linux kernel 2.6.25.2
Linux kernel 2.6.25.1
Linux kernel 2.6.24.6
Linux kernel 2.6.24.4
Linux kernel 2.6.24.3
Linux kernel 2.6.23.14
Linux kernel 2.6.23.10
Linux kernel 2.6.23.1
Linux kernel 2.6.18

- Discussion

The Linux Kernel is prone to a local security-bypass vulnerability.

A local attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.
