CVE-2018-5803
CVSS: N/A
Published: 2018-06-12 12:29:00
Revised: 2018-07-12 21:29:03

[Original] In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.


[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

- CVSS (base score)

CVSS not yet available

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5803
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5803
(Official data source) NVD

- Other links and resources

https://access.redhat.com/errata/RHSA-2018:1854
(UNKNOWN)  REDHAT  RHSA-2018:1854
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102
(UNKNOWN)  CONFIRM  https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51
(UNKNOWN)  CONFIRM  https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25
(UNKNOWN)  CONFIRM  https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8
(UNKNOWN)  CONFIRM  https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121
(UNKNOWN)  CONFIRM  https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87
(UNKNOWN)  CONFIRM  https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
(UNKNOWN)  CONFIRM  https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
(UNKNOWN)  MLIST  [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
https://secuniaresearch.flexerasoftware.com/advisories/81331/
(UNKNOWN)  SECUNIA  81331
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/
(UNKNOWN)  MISC  https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/
https://usn.ubuntu.com/3654-1/
(UNKNOWN)  UBUNTU  USN-3654-1
https://usn.ubuntu.com/3654-2/
(UNKNOWN)  UBUNTU  USN-3654-2
https://usn.ubuntu.com/3656-1/
(UNKNOWN)  UBUNTU  USN-3656-1
https://usn.ubuntu.com/3697-1/
(UNKNOWN)  UBUNTU  USN-3697-1
https://usn.ubuntu.com/3697-2/
(UNKNOWN)  UBUNTU  USN-3697-2
https://usn.ubuntu.com/3698-1/
(UNKNOWN)  UBUNTU  USN-3698-1
https://usn.ubuntu.com/3698-2/
(UNKNOWN)  UBUNTU  USN-3698-2
https://www.debian.org/security/2018/dsa-4187
(UNKNOWN)  DEBIAN  DSA-4187
https://www.debian.org/security/2018/dsa-4188
(UNKNOWN)  DEBIAN  DSA-4188
https://www.spinics.net/lists/linux-sctp/msg07036.html
(UNKNOWN)  MLIST  [linux-sctp] 20180209 skb_over_panic on INIT/INIT_ACK packet sending
https://www.spinics.net/lists/netdev/msg482523.html
(UNKNOWN)  MLIST  [netdev] 20180207 [Secunia Research] Linux Kernel Vulnerability - Sending information

- Vulnerability information (F147454)

Debian Security Advisory 4188-1 (PacketStormID:F147454)
2018-05-03 00:00:00
Debian  debian.org
advisory,denial of service,kernel,vulnerability
linux,debian
CVE-2017-17975,CVE-2017-18193,CVE-2017-18216,CVE-2017-18218,CVE-2017-18222,CVE-2017-18224,CVE-2017-18241,CVE-2017-18257,CVE-2017-5715,CVE-2017-5753,CVE-2018-1000199,CVE-2018-10323,CVE-2018-1065,CVE-2018-1066,CVE-2018-1068,CVE-2018-1092,CVE-2018-1093,CVE-2018-1108,CVE-2018-5803,CVE-2018-7480,CVE-2018-7566,CVE-2018-7740,CVE-2018-7757,CVE-2018-7995,CVE-2018-8087,CVE-2018-8781,CVE-2018-8822

Debian Linux Security Advisory 4188-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-------------------------------------------------------------------------
Debian Security Advisory DSA-4188-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 01, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2017-5715 CVE-2017-5753 CVE-2017-17975 CVE-2017-18193
                 CVE-2017-18216 CVE-2017-18218 CVE-2017-18222 CVE-2017-18224
                 CVE-2017-18241 CVE-2017-18257 CVE-2018-1065 CVE-2018-1066
                 CVE-2018-1068 CVE-2018-1092 CVE-2018-1093 CVE-2018-1108
                 CVE-2018-5803 CVE-2018-7480 CVE-2018-7566 CVE-2018-7740
                 CVE-2018-7757 CVE-2018-7995 CVE-2018-8087 CVE-2018-8781
                 CVE-2018-8822 CVE-2018-10323 CVE-2018-1000199

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2017-5715

    Multiple researchers have discovered a vulnerability in various
    processors supporting speculative execution, enabling an attacker
    controlling an unprivileged process to read memory from arbitrary
    addresses, including from the kernel and all other processes
    running on the system.

    This specific attack has been named Spectre variant 2 (branch
    target injection) and is mitigated for the x86 architecture (amd64
    and i386) by using the "retpoline" compiler feature which allows
    indirect branches to be isolated from speculative execution.

CVE-2017-5753

    Multiple researchers have discovered a vulnerability in various
    processors supporting speculative execution, enabling an attacker
    controlling an unprivileged process to read memory from arbitrary
    addresses, including from the kernel and all other processes
    running on the system.

    This specific attack has been named Spectre variant 1
    (bounds-check bypass) and is mitigated by identifying vulnerable
    code sections (array bounds checking followed by array access) and
    replacing the array access with the speculation-safe
    array_index_nospec() function.

    More use sites will be added over time.

CVE-2017-17975

    Tuba Yavuz reported a use-after-free flaw in the USBTV007
    audio-video grabber driver. A local user could use this for denial
    of service by triggering failure of audio registration.

CVE-2017-18193

    Yunlei He reported that the f2fs implementation does not properly
    handle extent trees, allowing a local user to cause a denial of
    service via an application with multiple threads.

CVE-2017-18216

    Alex Chen reported that the OCFS2 filesystem failed to hold a
    necessary lock during nodemanager sysfs file operations,
    potentially leading to a null pointer dereference.  A local user
    could use this for denial of service.

CVE-2017-18218

    Jun He reported a use-after-free flaw in the Hisilicon HNS ethernet
    driver. A local user could use this for denial of service.

CVE-2017-18222

    It was reported that the Hisilicon Network Subsystem (HNS) driver
    implementation does not properly handle ethtool private flags. A
    local user could use this for denial of service or possibly have
    other impact.

CVE-2017-18224

    Alex Chen reported that the OCFS2 filesystem omits the use of a
    semaphore and consequently has a race condition for access to the
    extent tree during read operations in DIRECT mode. A local user
    could use this for denial of service.

CVE-2017-18241

    Yunlei He reported that the f2fs implementation does not properly
    initialise its state if the "noflush_merge" mount option is used.
    A local user with access to a filesystem mounted with this option
    could use this to cause a denial of service.

CVE-2017-18257

    It was reported that the f2fs implementation is prone to an infinite
    loop caused by an integer overflow in the __get_data_block()
    function. A local user can use this for denial of service via
    crafted use of the open and fallocate system calls with an
    FS_IOC_FIEMAP ioctl.

CVE-2018-1065

    The syzkaller tool found a NULL pointer dereference flaw in the
    netfilter subsystem when handling certain malformed iptables
    rulesets. A local user with the CAP_NET_RAW or CAP_NET_ADMIN
    capability (in any user namespace) could use this to cause a denial
    of service. Debian disables unprivileged user namespaces by default.

CVE-2018-1066

    Dan Aloni reported to Red Hat that the CIFS client implementation
    would dereference a null pointer if the server sent an invalid
    response during NTLMSSP setup negotiation.  This could be used
    by a malicious server for denial of service.

CVE-2018-1068

    The syzkaller tool found that the 32-bit compatibility layer of
    ebtables did not sufficiently validate offset values. On a 64-bit
    kernel, a local user with the CAP_NET_ADMIN capability (in any user
    namespace) could use this to overwrite kernel memory, possibly
    leading to privilege escalation. Debian disables unprivileged user
    namespaces by default.

CVE-2018-1092

    Wen Xu reported that a crafted ext4 filesystem image would
    trigger a null dereference when mounted.  A local user able
    to mount arbitrary filesystems could use this for denial of
    service.

CVE-2018-1093

    Wen Xu reported that a crafted ext4 filesystem image could trigger
    an out-of-bounds read in the ext4_valid_block_bitmap() function. A
    local user able to mount arbitrary filesystems could use this for
    denial of service.

CVE-2018-1108

    Jann Horn reported that crng_ready() does not properly handle the
    crng_init variable states and the RNG could be treated as
    cryptographically safe too early after system boot.

CVE-2018-5803

    Alexey Kodanev reported that the SCTP protocol did not range-check
    the length of chunks to be created.  A local or remote user could
    use this to cause a denial of service.

CVE-2018-7480

    Hou Tao discovered a double-free flaw in the blkcg_init_queue()
    function in block/blk-cgroup.c. A local user could use this to cause
    a denial of service or have other impact.

CVE-2018-7566

    Fan LongFei reported a race condition in the ALSA (sound)
    sequencer core, between write and ioctl operations.  This could
    lead to an out-of-bounds access or use-after-free.  A local user
    with access to a sequencer device could use this for denial of
    service or possibly for privilege escalation.

CVE-2018-7740

    Nic Losby reported that the hugetlbfs filesystem's mmap operation
    did not properly range-check the file offset.  A local user with
    access to files on a hugetlbfs filesystem could use this to cause
    a denial of service.

CVE-2018-7757

    Jason Yan reported a memory leak in the SAS (Serial-Attached
    SCSI) subsystem.  A local user on a system with SAS devices
    could use this to cause a denial of service.

CVE-2018-7995

    Seunghun Han reported a race condition in the x86 MCE
    (Machine Check Exception) driver.  This is unlikely to have
    any security impact.

CVE-2018-8087

    A memory leak flaw was found in the hwsim_new_radio_nl() function in
    the simulated radio testing tool driver for mac80211, allowing a
    local user to cause a denial of service.

CVE-2018-8781

    Eyal Itkin reported that the udl (DisplayLink) driver's mmap
    operation did not properly range-check the file offset.  A local
    user with access to a udl framebuffer device could exploit this to
    overwrite kernel memory, leading to privilege escalation.

CVE-2018-8822

    Dr Silvio Cesare of InfoSect reported that the ncpfs client
    implementation did not validate reply lengths from the server.  An
    ncpfs server could use this to cause a denial of service or
    remote code execution in the client.

CVE-2018-10323

    Wen Xu reported a NULL pointer dereference flaw in the
    xfs_bmapi_write() function triggered when mounting and operating a
    crafted xfs filesystem image. A local user able to mount arbitrary
    filesystems could use this for denial of service.

CVE-2018-1000199

    Andy Lutomirski discovered that the ptrace subsystem did not
    sufficiently validate hardware breakpoint settings.  Local users
    can use this to cause a denial of service, or possibly for
    privilege escalation, on x86 (amd64 and i386) and possibly other
    architectures.

For the stable distribution (stretch), these problems have been fixed in
version 4.9.88-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- Vulnerability information (F147451)

Debian Security Advisory 4187-1 (PacketStormID:F147451)
2018-05-03 00:00:00
Debian  debian.org
advisory,denial of service,kernel,vulnerability
linux,debian
CVE-2015-9016,CVE-2017-0861,CVE-2017-13166,CVE-2017-13220,CVE-2017-16526,CVE-2017-16911,CVE-2017-16912,CVE-2017-16913,CVE-2017-16914,CVE-2017-18017,CVE-2017-18203,CVE-2017-18216,CVE-2017-18232,CVE-2017-18241,CVE-2017-5715,CVE-2017-5753,CVE-2018-1000004,CVE-2018-1000199,CVE-2018-1066,CVE-2018-1068,CVE-2018-1092,CVE-2018-5332,CVE-2018-5333,CVE-2018-5750,CVE-2018-5803,CVE-2018-6927,CVE-2018-7492

Debian Linux Security Advisory 4187-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-------------------------------------------------------------------------
Debian Security Advisory DSA-4187-1                   security@debian.org
https://www.debian.org/security/                            Ben Hutchings
May 01, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753
                 CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911
                 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017
                 CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241
                 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332
                 CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927
                 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757
                 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004
                 CVE-2018-1000199

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2015-9016

    Ming Lei reported a race condition in the multiqueue block layer
    (blk-mq).  On a system with a driver using blk-mq (mtip32xx,
    null_blk, or virtio_blk), a local user might be able to use this
    for denial of service or possibly for privilege escalation.

CVE-2017-0861

    Robb Glasser reported a potential use-after-free in the ALSA (sound)
    PCM core.  We believe this was not possible in practice.

CVE-2017-5715

    Multiple researchers have discovered a vulnerability in various
    processors supporting speculative execution, enabling an attacker
    controlling an unprivileged process to read memory from arbitrary
    addresses, including from the kernel and all other processes
    running on the system.

    This specific attack has been named Spectre variant 2 (branch
    target injection) and is mitigated for the x86 architecture (amd64
    and i386) by using the "retpoline" compiler feature which allows
    indirect branches to be isolated from speculative execution.

CVE-2017-5753

    Multiple researchers have discovered a vulnerability in various
    processors supporting speculative execution, enabling an attacker
    controlling an unprivileged process to read memory from arbitrary
    addresses, including from the kernel and all other processes
    running on the system.

    This specific attack has been named Spectre variant 1
    (bounds-check bypass) and is mitigated by identifying vulnerable
    code sections (array bounds checking followed by array access) and
    replacing the array access with the speculation-safe
    array_index_nospec() function.

    More use sites will be added over time.

CVE-2017-13166

    A bug in the 32-bit compatibility layer of the v4l2 ioctl handling
    code has been found. Memory protections ensuring user-provided
    buffers always point to userland memory were disabled, allowing
    destination addresses to be in kernel space. On a 64-bit kernel a
    local user with access to a suitable video device can exploit this
    to overwrite kernel memory, leading to privilege escalation.

CVE-2017-13220

    Al Viro reported that the Bluetooth HIDP implementation could
    dereference a pointer before performing the necessary type check.
    A local user could use this to cause a denial of service.

CVE-2017-16526

    Andrey Konovalov reported that the UWB subsystem may dereference
    an invalid pointer in an error case.  A local user might be able
    to use this for denial of service.

CVE-2017-16911

    Secunia Research reported that the USB/IP vhci_hcd driver exposed
    kernel heap addresses to local users.  This information could aid the
    exploitation of other vulnerabilities.

CVE-2017-16912

    Secunia Research reported that the USB/IP stub driver failed to
    perform a range check on a received packet header field, leading
    to an out-of-bounds read.  A remote user able to connect to the
    USB/IP server could use this for denial of service.

CVE-2017-16913

    Secunia Research reported that the USB/IP stub driver failed to
    perform a range check on a received packet header field, leading
    to excessive memory allocation.  A remote user able to connect to
    the USB/IP server could use this for denial of service.

CVE-2017-16914

    Secunia Research reported that the USB/IP stub driver failed to
    check for an invalid combination of fields in a received packet,
    leading to a null pointer dereference.  A remote user able to
    connect to the USB/IP server could use this for denial of service.

CVE-2017-18017

    Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module
    failed to validate TCP header lengths, potentially leading to a
    use-after-free.  If this module is loaded, it could be used by a
    remote attacker for denial of service or possibly for code
    execution.

CVE-2017-18203

    Hou Tao reported that there was a race condition in creation and
    deletion of device-mapper (DM) devices.  A local user could
    potentially use this for denial of service.

CVE-2017-18216

    Alex Chen reported that the OCFS2 filesystem failed to hold a
    necessary lock during nodemanager sysfs file operations,
    potentially leading to a null pointer dereference.  A local user
    could use this for denial of service.

CVE-2017-18232

    Jason Yan reported a race condition in the SAS (Serial-Attached
    SCSI) subsystem, between probing and destroying a port.  This
    could lead to a deadlock.  A physically present attacker could
    use this to cause a denial of service.

CVE-2017-18241

    Yunlei He reported that the f2fs implementation does not properly
    initialise its state if the "noflush_merge" mount option is used.
    A local user with access to a filesystem mounted with this option
    could use this to cause a denial of service.

CVE-2018-1066

    Dan Aloni reported to Red Hat that the CIFS client implementation
    would dereference a null pointer if the server sent an invalid
    response during NTLMSSP setup negotiation.  This could be used
    by a malicious server for denial of service.

CVE-2018-1068

    The syzkaller tool found that the 32-bit compatibility layer of
    ebtables did not sufficiently validate offset values. On a 64-bit
    kernel, a local user with the CAP_NET_ADMIN capability (in any user
    namespace) could use this to overwrite kernel memory, possibly
    leading to privilege escalation. Debian disables unprivileged user
    namespaces by default.

CVE-2018-1092

    Wen Xu reported that a crafted ext4 filesystem image would
    trigger a null dereference when mounted.  A local user able
    to mount arbitrary filesystems could use this for denial of
    service.

CVE-2018-5332

    Mohamed Ghannam reported that the RDS protocol did not
    sufficiently validate RDMA requests, leading to an out-of-bounds
    write.  A local attacker on a system with the rds module loaded
    could use this for denial of service or possibly for privilege
    escalation.

CVE-2018-5333

    Mohamed Ghannam reported that the RDS protocol did not properly
    handle an error case, leading to a null pointer dereference.  A
    local attacker on a system with the rds module loaded could
    possibly use this for denial of service.

CVE-2018-5750

    Wang Qize reported that the ACPI sbshc driver logged a kernel heap
    address.  This information could aid the exploitation of other
    vulnerabilities.

CVE-2018-5803

    Alexey Kodanev reported that the SCTP protocol did not range-check
    the length of chunks to be created.  A local or remote user could
    use this to cause a denial of service.

CVE-2018-6927

    Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did
    not check for negative parameter values, which might lead to a
    denial of service or other security impact.

CVE-2018-7492

    The syzkaller tool found that the RDS protocol was lacking a null
    pointer check.  A local attacker on a system with the rds module
    loaded could use this for denial of service.

CVE-2018-7566

    Fan LongFei reported a race condition in the ALSA (sound)
    sequencer core, between write and ioctl operations.  This could
    lead to an out-of-bounds access or use-after-free.  A local user
    with access to a sequencer device could use this for denial of
    service or possibly for privilege escalation.

CVE-2018-7740

    Nic Losby reported that the hugetlbfs filesystem's mmap operation
    did not properly range-check the file offset.  A local user with
    access to files on a hugetlbfs filesystem could use this to cause
    a denial of service.

CVE-2018-7757

    Jason Yan reported a memory leak in the SAS (Serial-Attached
    SCSI) subsystem.  A local user on a system with SAS devices
    could use this to cause a denial of service.

CVE-2018-7995

    Seunghun Han reported a race condition in the x86 MCE
    (Machine Check Exception) driver.  This is unlikely to have
    any security impact.

CVE-2018-8781

    Eyal Itkin reported that the udl (DisplayLink) driver's mmap
    operation did not properly range-check the file offset.  A local
    user with access to a udl framebuffer device could exploit this to
    overwrite kernel memory, leading to privilege escalation.

CVE-2018-8822

    Dr Silvio Cesare of InfoSect reported that the ncpfs client
    implementation did not validate reply lengths from the server.  An
    ncpfs server could use this to cause a denial of service or
    remote code execution in the client.

CVE-2018-1000004

    Luo Quan reported a race condition in the ALSA (sound) sequencer
    core, between multiple ioctl operations.  This could lead to a
    deadlock or use-after-free.  A local user with access to a
    sequencer device could use this for denial of service or possibly
    for privilege escalation.

CVE-2018-1000199

    Andy Lutomirski discovered that the ptrace subsystem did not
    sufficiently validate hardware breakpoint settings.  Local users
    can use this to cause a denial of service, or possibly for
    privilege escalation, on x86 (amd64 and i386) and possibly other
    architectures.

For the oldstable distribution (jessie), these problems have been fixed
in version 3.16.56-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- Vulnerability information (F147783)

Ubuntu Security Notice USN-3654-2 (PacketStormID:F147783)
2018-05-23 00:00:00
Ubuntu  security.ubuntu.com
advisory,kernel,local,vulnerability
linux,ubuntu
CVE-2017-17975,CVE-2017-18193,CVE-2017-18222,CVE-2018-1065,CVE-2018-1068,CVE-2018-1130,CVE-2018-3639,CVE-2018-5803,CVE-2018-7480,CVE-2018-7757,CVE-2018-7995,CVE-2018-8781,CVE-2018-8822

Ubuntu Security Notice 3654-2 - USN-3654-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3654-2
May 22, 2018

linux-lts-xenial, linux-aws vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3654-1 fixed vulnerabilities and added mitigations in the Linux
kernel for Ubuntu 16.04 LTS. This update provides the corresponding
updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu
16.04 LTS for Ubuntu 14.04 LTS.

Jann Horn and Ken Johnson discovered that microprocessors utilizing
speculative execution of a memory read may allow unauthorized memory
reads via a sidechannel attack. This flaw is known as Spectre
Variant 4. A local attacker could use this to expose sensitive
information, including kernel memory. (CVE-2018-3639)

Tuba Yavuz discovered that a double-free error existed in the USBTV007
driver of the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-17975)

It was discovered that a race condition existed in the F2FS implementation
in the Linux kernel. A local attacker could use this to cause a denial of
service (system crash). (CVE-2017-18193)

It was discovered that a buffer overflow existed in the Hisilicon HNS
Ethernet Device driver in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-18222)

It was discovered that the netfilter subsystem in the Linux kernel did not
validate that rules containing jumps contained user-defined chains. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-1065)

It was discovered that the netfilter subsystem of the Linux kernel did not
properly validate ebtables offsets. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-1068)

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that a double free error existed in the block layer
subsystem of the Linux kernel when setting up a request queue. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-7480)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

It was discovered that a race condition existed in the x86 machine check
handler in the Linux kernel. A local privileged attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-7995)

Eyal Itkin discovered that the USB displaylink video adapter driver in the
Linux kernel did not properly validate mmap offsets sent from userspace. A
local attacker could use this to expose sensitive information (kernel
memory) or possibly execute arbitrary code. (CVE-2018-8781)

Silvio Cesare discovered a buffer overwrite existed in the NCPFS
implementation in the Linux kernel. A remote attacker controlling a
malicious NCPFS server could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2018-8822)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  linux-image-4.4.0-1022-aws      4.4.0-1022.22
  linux-image-4.4.0-127-generic   4.4.0-127.153~14.04.1
  linux-image-4.4.0-127-generic-lpae  4.4.0-127.153~14.04.1
  linux-image-4.4.0-127-lowlatency  4.4.0-127.153~14.04.1
  linux-image-4.4.0-127-powerpc-e500mc  4.4.0-127.153~14.04.1
  linux-image-4.4.0-127-powerpc-smp  4.4.0-127.153~14.04.1
  linux-image-4.4.0-127-powerpc64-emb  4.4.0-127.153~14.04.1
  linux-image-4.4.0-127-powerpc64-smp  4.4.0-127.153~14.04.1
  linux-image-aws                 4.4.0.1022.22
  linux-image-generic-lpae-lts-xenial  4.4.0.127.107
  linux-image-generic-lts-xenial  4.4.0.127.107
  linux-image-lowlatency-lts-xenial  4.4.0.127.107
  linux-image-powerpc-e500mc-lts-xenial  4.4.0.127.107
  linux-image-powerpc-smp-lts-xenial  4.4.0.127.107
  linux-image-powerpc64-emb-lts-xenial  4.4.0.127.107
  linux-image-powerpc64-smp-lts-xenial  4.4.0.127.107

Please note that fully mitigating CVE-2018-3639 (Spectre Variant 4)
may require corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the SSBD feature is required to enable the kernel
mitigations. BIOS vendors will be making updates available for Intel
processors that implement SSBD and Ubuntu is working with Intel to
provide future microcode updates. Ubuntu users with a processor from
a different vendor should contact the vendor to identify necessary
firmware updates. Ubuntu provided corresponding QEMU updates for users
of self-hosted virtual environments in USN 3651-1. Ubuntu users in
cloud environments should contact the cloud provider to confirm that
the hypervisor has been updated to expose the new CPU features to
virtual machines.

References:
  https://usn.ubuntu.com/usn/usn-3654-2
  https://usn.ubuntu.com/usn/usn-3654-1
  CVE-2017-17975, CVE-2017-18193, CVE-2017-18222, CVE-2018-1065,
  CVE-2018-1068, CVE-2018-1130, CVE-2018-3639, CVE-2018-5803,
  CVE-2018-7480, CVE-2018-7757, CVE-2018-7995, CVE-2018-8781,
  CVE-2018-8822,
  https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4

Package Information:
  https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1022.22
  https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-127.153~14.04.1

    

- Vulnerability information (F147782)

Ubuntu Security Notice USN-3654-1 (PacketStormID:F147782)
2018-05-23 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,arbitrary,kernel,local
linux,ubuntu
CVE-2017-17975,CVE-2017-18193,CVE-2017-18222,CVE-2018-1065,CVE-2018-1068,CVE-2018-1130,CVE-2018-3639,CVE-2018-5803,CVE-2018-7480,CVE-2018-7757,CVE-2018-7995,CVE-2018-8781,CVE-2018-8822

Ubuntu Security Notice 3654-1 - Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3654-1
May 22, 2018

linux, linux-aws, linux-kvm, vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments

Details:

Jann Horn and Ken Johnson discovered that microprocessors utilizing
speculative execution of a memory read may allow unauthorized memory
reads via a sidechannel attack. This flaw is known as Spectre
Variant 4. A local attacker could use this to expose sensitive
information, including kernel memory. (CVE-2018-3639)

Tuba Yavuz discovered that a double-free error existed in the USBTV007
driver of the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-17975)

It was discovered that a race condition existed in the F2FS implementation
in the Linux kernel. A local attacker could use this to cause a denial of
service (system crash). (CVE-2017-18193)

It was discovered that a buffer overflow existed in the Hisilicon HNS
Ethernet Device driver in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-18222)

It was discovered that the netfilter subsystem in the Linux kernel did not
validate that rules containing jumps contained user-defined chains. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-1065)

It was discovered that the netfilter subsystem of the Linux kernel did not
properly validate ebtables offsets. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-1068)

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace-provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that a double free error existed in the block layer
subsystem of the Linux kernel when setting up a request queue. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-7480)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

It was discovered that a race condition existed in the x86 machine check
handler in the Linux kernel. A local privileged attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-7995)

Eyal Itkin discovered that the USB displaylink video adapter driver in the
Linux kernel did not properly validate mmap offsets sent from userspace. A
local attacker could use this to expose sensitive information (kernel
memory) or possibly execute arbitrary code. (CVE-2018-8781)

Silvio Cesare discovered that a buffer overwrite existed in the NCPFS
implementation in the Linux kernel. A remote attacker controlling a
malicious NCPFS server could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2018-8822)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-1026-kvm      4.4.0-1026.31
  linux-image-4.4.0-1060-aws      4.4.0-1060.69
  linux-image-4.4.0-127-generic   4.4.0-127.153
  linux-image-4.4.0-127-generic-lpae  4.4.0-127.153
  linux-image-4.4.0-127-lowlatency  4.4.0-127.153
  linux-image-4.4.0-127-powerpc-e500mc  4.4.0-127.153
  linux-image-4.4.0-127-powerpc-smp  4.4.0-127.153
  linux-image-4.4.0-127-powerpc64-emb  4.4.0-127.153
  linux-image-4.4.0-127-powerpc64-smp  4.4.0-127.153
  linux-image-aws                 4.4.0.1060.62
  linux-image-generic             4.4.0.127.133
  linux-image-generic-lpae        4.4.0.127.133
  linux-image-kvm                 4.4.0.1026.25
  linux-image-lowlatency          4.4.0.127.133
  linux-image-powerpc-e500mc      4.4.0.127.133
  linux-image-powerpc-smp         4.4.0.127.133
  linux-image-powerpc64-emb       4.4.0.127.133
  linux-image-powerpc64-smp       4.4.0.127.133

Please note that fully mitigating CVE-2018-3639 (Spectre Variant 4)
may require corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the SSBD feature is required to enable the kernel
mitigations. BIOS vendors will be making updates available for Intel
processors that implement SSBD and Ubuntu is working with Intel to
provide future microcode updates. Ubuntu users with a processor from
a different vendor should contact the vendor to identify necessary
firmware updates. Ubuntu provided corresponding QEMU updates for users
of self-hosted virtual environments in USN 3651-1. Ubuntu users in
cloud environments should contact the cloud provider to confirm that
the hypervisor has been updated to expose the new CPU features to
virtual machines.

References:
  https://usn.ubuntu.com/usn/usn-3654-1
  CVE-2017-17975, CVE-2017-18193, CVE-2017-18222, CVE-2018-1065,
  CVE-2018-1068, CVE-2018-1130, CVE-2018-3639, CVE-2018-5803,
  CVE-2018-7480, CVE-2018-7757, CVE-2018-7995, CVE-2018-8781,
  CVE-2018-8822,
  https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.4.0-127.153
  https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1060.69
  https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1026.31

    

- Vulnerability information (F147774)

Ubuntu Security Notice USN-3656-1 (PacketStormID:F147774)
2018-05-23 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,arbitrary,kernel,local
linux,ubuntu
CVE-2017-17975,CVE-2017-18193,CVE-2017-18222,CVE-2018-1065,CVE-2018-1068,CVE-2018-1130,CVE-2018-5803,CVE-2018-7480,CVE-2018-7757,CVE-2018-7995,CVE-2018-8781,CVE-2018-8822

Ubuntu Security Notice 3656-1 - Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the F2FS implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3656-1
May 22, 2018

linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon processors

Details:

Tuba Yavuz discovered that a double-free error existed in the USBTV007
driver of the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-17975)

It was discovered that a race condition existed in the F2FS implementation
in the Linux kernel. A local attacker could use this to cause a denial of
service (system crash). (CVE-2017-18193)

It was discovered that a buffer overflow existed in the Hisilicon HNS
Ethernet Device driver in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-18222)

It was discovered that the netfilter subsystem in the Linux kernel did not
validate that rules containing jumps contained user-defined chains. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-1065)

It was discovered that the netfilter subsystem of the Linux kernel did not
properly validate ebtables offsets. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-1068)

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace-provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that a double free error existed in the block layer
subsystem of the Linux kernel when setting up a request queue. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-7480)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

It was discovered that a race condition existed in the x86 machine check
handler in the Linux kernel. A local privileged attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-7995)

Eyal Itkin discovered that the USB displaylink video adapter driver in the
Linux kernel did not properly validate mmap offsets sent from userspace. A
local attacker could use this to expose sensitive information (kernel
memory) or possibly execute arbitrary code. (CVE-2018-8781)

Silvio Cesare discovered that a buffer overwrite existed in the NCPFS
implementation in the Linux kernel. A remote attacker controlling a
malicious NCPFS server could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2018-8822)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-1090-raspi2   4.4.0-1090.98
  linux-image-4.4.0-1093-snapdragon  4.4.0-1093.98
  linux-image-raspi2              4.4.0.1090.90
  linux-image-snapdragon          4.4.0.1093.85

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3656-1
  CVE-2017-17975, CVE-2017-18193, CVE-2017-18222, CVE-2018-1065,
  CVE-2018-1068, CVE-2018-1130, CVE-2018-5803, CVE-2018-7480,
  CVE-2018-7757, CVE-2018-7995, CVE-2018-8781, CVE-2018-8822

Package Information:
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1090.98
  https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1093.98

    

- Vulnerability information (F148244)

Red Hat Security Advisory 2018-1854-01 (PacketStormID:F148244)
2018-06-19 00:00:00
Red Hat  
advisory,denial of service,kernel,vulnerability
linux,redhat
CVE-2012-6701,CVE-2015-8830,CVE-2016-8650,CVE-2017-12190,CVE-2017-15121,CVE-2017-18203,CVE-2017-2671,CVE-2017-6001,CVE-2017-7308,CVE-2017-7616,CVE-2017-7889,CVE-2017-8890,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2018-1130,CVE-2018-3639,CVE-2018-5803

Red Hat Security Advisory 2018-1854-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, and null pointer vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2018:1854-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1854
Issue date:        2018-06-19
CVE Names:         CVE-2012-6701 CVE-2015-8830 CVE-2016-8650 
                   CVE-2017-2671 CVE-2017-6001 CVE-2017-7308 
                   CVE-2017-7616 CVE-2017-7889 CVE-2017-8890 
                   CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 
                   CVE-2017-12190 CVE-2017-15121 CVE-2017-18203 
                   CVE-2018-1130 CVE-2018-3639 CVE-2018-5803 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that memory read from address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639, PowerPC)

* kernel: net/packet: overflow in check for priv area size (CVE-2017-7308)

* kernel: AIO interface didn't use rw_verify_area() for checking mandatory
locking on files and size of access (CVE-2012-6701)

* kernel: AIO write triggers integer overflow in some protocols
(CVE-2015-8830)

* kernel: Null pointer dereference via keyctl (CVE-2016-8650)

* kernel: ping socket / AF_LLC connect() sin_family race (CVE-2017-2671)

* kernel: Race condition between multiple sys_perf_event_open() calls
(CVE-2017-6001)

* kernel: Incorrect error handling in the set_mempolicy and mbind compat
syscalls in mm/mempolicy.c (CVE-2017-7616)

* kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM
protection mechanism (CVE-2017-7889)

* kernel: Double free in the inet_csk_clone_lock function in
net/ipv4/inet_connection_sock.c (CVE-2017-8890)

* kernel: net: sctp_v6_create_accept_sk function mishandles inheritance
(CVE-2017-9075)

* kernel: net: IPv6 DCCP implementation mishandles inheritance
(CVE-2017-9076)

* kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance
(CVE-2017-9077)

* kernel: memory leak when merging buffers in SCSI IO vectors
(CVE-2017-12190)

* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client
(CVE-2017-15121)

* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows
local users to cause a denial of service (CVE-2017-18203)

* kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit()
leads to a system crash (CVE-2018-1130)

* kernel: Missing length check of payload in
net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of
service (CVE-2018-5803)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639;
Vitaly Mayatskih for reporting CVE-2017-12190; and Evgenii Shatokhin
(Virtuozzo Team) for reporting CVE-2018-1130. The CVE-2017-15121 issue was
discovered by Miklos Szeredi (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10
Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

869942 - Kernel crashes on reading an ACL containing 190 ACEs over NFSv4
1314275 - CVE-2015-8830 kernel: AIO write triggers integer overflow in some protocols
1314288 - CVE-2012-6701 kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access
1395187 - CVE-2016-8650 kernel: Null pointer dereference via keyctl
1422825 - CVE-2017-6001 kernel: Race condition between multiple sys_perf_event_open() calls
1436649 - CVE-2017-2671 kernel: ping socket / AF_LLC connect() sin_family race
1437404 - CVE-2017-7308 kernel: net/packet: overflow in check for priv area size
1441088 - CVE-2017-7616 kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c
1444493 - CVE-2017-7889 kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism
1448170 - RHEL6.9: sunrpc reconnect logic now may trigger a SYN storm when a TCP connection drops and a burst of RPC commands hit the transport
1450972 - CVE-2017-8890 kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c
1452688 - CVE-2017-9076 kernel: net: IPv6 DCCP implementation mishandles inheritance
1452691 - CVE-2017-9075 kernel: net: sctp_v6_create_accept_sk function mishandles inheritance
1452744 - CVE-2017-9077 kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance
1495089 - CVE-2017-12190 kernel: memory leak when merging buffers in SCSI IO vectors
1497152 - systool causes panic on 2.6.32-696.6.3.el6.x86_64 using be2iscsi
1520893 - CVE-2017-15121 kernel: vfs: BUG in truncate_inode_pages_range() and fuse client
1550811 - CVE-2017-18203 kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service
1551051 - CVE-2018-5803 kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service
1560494 - i686: Using invpcid_flush_all_nonglobals() can cause user-space panic on .i686
1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
1576419 - CVE-2018-1130 kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-754.el6.src.rpm

i386:
kernel-2.6.32-754.el6.i686.rpm
kernel-debug-2.6.32-754.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debug-devel-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
kernel-devel-2.6.32-754.el6.i686.rpm
kernel-headers-2.6.32-754.el6.i686.rpm
perf-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm
kernel-doc-2.6.32-754.el6.noarch.rpm
kernel-firmware-2.6.32-754.el6.noarch.rpm

x86_64:
kernel-2.6.32-754.el6.x86_64.rpm
kernel-debug-2.6.32-754.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.el6.i686.rpm
kernel-debug-devel-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
kernel-devel-2.6.32-754.el6.x86_64.rpm
kernel-headers-2.6.32-754.el6.x86_64.rpm
perf-2.6.32-754.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.el6.x86_64.rpm
python-perf-2.6.32-754.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-754.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm
kernel-doc-2.6.32-754.el6.noarch.rpm
kernel-firmware-2.6.32-754.el6.noarch.rpm

x86_64:
kernel-2.6.32-754.el6.x86_64.rpm
kernel-debug-2.6.32-754.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.el6.i686.rpm
kernel-debug-devel-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
kernel-devel-2.6.32-754.el6.x86_64.rpm
kernel-headers-2.6.32-754.el6.x86_64.rpm
perf-2.6.32-754.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.el6.x86_64.rpm
python-perf-2.6.32-754.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-754.el6.src.rpm

i386:
kernel-2.6.32-754.el6.i686.rpm
kernel-debug-2.6.32-754.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debug-devel-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
kernel-devel-2.6.32-754.el6.i686.rpm
kernel-headers-2.6.32-754.el6.i686.rpm
perf-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm
kernel-doc-2.6.32-754.el6.noarch.rpm
kernel-firmware-2.6.32-754.el6.noarch.rpm

ppc64:
kernel-2.6.32-754.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-754.el6.ppc64.rpm
kernel-debug-2.6.32-754.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-754.el6.ppc64.rpm
kernel-debug-devel-2.6.32-754.el6.ppc64.rpm
kernel-debuginfo-2.6.32-754.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-754.el6.ppc64.rpm
kernel-devel-2.6.32-754.el6.ppc64.rpm
kernel-headers-2.6.32-754.el6.ppc64.rpm
perf-2.6.32-754.el6.ppc64.rpm
perf-debuginfo-2.6.32-754.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-754.el6.ppc64.rpm

s390x:
kernel-2.6.32-754.el6.s390x.rpm
kernel-debug-2.6.32-754.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-754.el6.s390x.rpm
kernel-debug-devel-2.6.32-754.el6.s390x.rpm
kernel-debuginfo-2.6.32-754.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-754.el6.s390x.rpm
kernel-devel-2.6.32-754.el6.s390x.rpm
kernel-headers-2.6.32-754.el6.s390x.rpm
kernel-kdump-2.6.32-754.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-754.el6.s390x.rpm
kernel-kdump-devel-2.6.32-754.el6.s390x.rpm
perf-2.6.32-754.el6.s390x.rpm
perf-debuginfo-2.6.32-754.el6.s390x.rpm
python-perf-debuginfo-2.6.32-754.el6.s390x.rpm

x86_64:
kernel-2.6.32-754.el6.x86_64.rpm
kernel-debug-2.6.32-754.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.el6.i686.rpm
kernel-debug-devel-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
kernel-devel-2.6.32-754.el6.x86_64.rpm
kernel-headers-2.6.32-754.el6.x86_64.rpm
perf-2.6.32-754.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-754.el6.ppc64.rpm
kernel-debuginfo-2.6.32-754.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-754.el6.ppc64.rpm
perf-debuginfo-2.6.32-754.el6.ppc64.rpm
python-perf-2.6.32-754.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-754.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-754.el6.s390x.rpm
kernel-debuginfo-2.6.32-754.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-754.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-754.el6.s390x.rpm
perf-debuginfo-2.6.32-754.el6.s390x.rpm
python-perf-2.6.32-754.el6.s390x.rpm
python-perf-debuginfo-2.6.32-754.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.el6.x86_64.rpm
python-perf-2.6.32-754.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
kernel-2.6.32-754.el6.src.rpm

i386:
kernel-2.6.32-754.el6.i686.rpm
kernel-debug-2.6.32-754.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debug-devel-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
kernel-devel-2.6.32-754.el6.i686.rpm
kernel-headers-2.6.32-754.el6.i686.rpm
perf-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm
kernel-doc-2.6.32-754.el6.noarch.rpm
kernel-firmware-2.6.32-754.el6.noarch.rpm

x86_64:
kernel-2.6.32-754.el6.x86_64.rpm
kernel-debug-2.6.32-754.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.el6.i686.rpm
kernel-debug-devel-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
kernel-devel-2.6.32-754.el6.x86_64.rpm
kernel-headers-2.6.32-754.el6.x86_64.rpm
perf-2.6.32-754.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.el6.x86_64.rpm
python-perf-2.6.32-754.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2012-6701
https://access.redhat.com/security/cve/CVE-2015-8830
https://access.redhat.com/security/cve/CVE-2016-8650
https://access.redhat.com/security/cve/CVE-2017-2671
https://access.redhat.com/security/cve/CVE-2017-6001
https://access.redhat.com/security/cve/CVE-2017-7308
https://access.redhat.com/security/cve/CVE-2017-7616
https://access.redhat.com/security/cve/CVE-2017-7889
https://access.redhat.com/security/cve/CVE-2017-8890
https://access.redhat.com/security/cve/CVE-2017-9075
https://access.redhat.com/security/cve/CVE-2017-9076
https://access.redhat.com/security/cve/CVE-2017-9077
https://access.redhat.com/security/cve/CVE-2017-12190
https://access.redhat.com/security/cve/CVE-2017-15121
https://access.redhat.com/security/cve/CVE-2017-18203
https://access.redhat.com/security/cve/CVE-2018-1130
https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/cve/CVE-2018-5803
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd
https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/6/html/6.10_release_notes/index.html
https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/6/html/6.10_technical_notes/index.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability information (F148403)

Ubuntu Security Notice USN-3698-1 (PacketStormID:F148403)
2018-07-02 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local
linux,ubuntu
CVE-2017-12154,CVE-2017-12193,CVE-2017-15265,CVE-2018-1130,CVE-2018-3665,CVE-2018-5750,CVE-2018-5803,CVE-2018-6927,CVE-2018-7755,CVE-2018-7757

Ubuntu Security Notice 3698-1 - It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service. Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

=========================================================================
Ubuntu Security Notice USN-3698-1
July 02, 2018

linux vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

It was discovered that the nested KVM implementation in the Linux kernel in
some situations did not properly prevent second level guests from reading
and writing the hardware CR8 register. A local attacker in a guest could
use this to cause a denial of service (system crash). (CVE-2017-12154)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)

It was discovered that a race condition existed in the ALSA subsystem of
the Linux kernel when creating and deleting a port via ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-15265)

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

Julian Stecklina and Thomas Prescher discovered that FPU register states
(such as MMX, SSE, and AVX registers) which are lazily restored are
potentially vulnerable to a side channel attack. A local attacker could use
this to expose sensitive information. (CVE-2018-3665)

Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitive information (kernel
pointer addresses). (CVE-2018-5750)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that an integer overflow error existed in the futex
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  linux-image-3.13.0-153-generic  3.13.0-153.203
  linux-image-3.13.0-153-generic-lpae  3.13.0-153.203
  linux-image-3.13.0-153-lowlatency  3.13.0-153.203
  linux-image-3.13.0-153-powerpc-e500  3.13.0-153.203
  linux-image-3.13.0-153-powerpc-e500mc  3.13.0-153.203
  linux-image-3.13.0-153-powerpc-smp  3.13.0-153.203
  linux-image-3.13.0-153-powerpc64-emb  3.13.0-153.203
  linux-image-3.13.0-153-powerpc64-smp  3.13.0-153.203
  linux-image-generic             3.13.0.153.163
  linux-image-generic-lpae        3.13.0.153.163
  linux-image-lowlatency          3.13.0.153.163
  linux-image-powerpc-e500        3.13.0.153.163
  linux-image-powerpc-e500mc      3.13.0.153.163
  linux-image-powerpc-smp         3.13.0.153.163
  linux-image-powerpc64-emb       3.13.0.153.163
  linux-image-powerpc64-smp       3.13.0.153.163

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3698-1
  CVE-2017-12154, CVE-2017-12193, CVE-2017-15265, CVE-2018-1130,
  CVE-2018-3665, CVE-2018-5750, CVE-2018-5803, CVE-2018-6927,
  CVE-2018-7755, CVE-2018-7757

Package Information:
  https://launchpad.net/ubuntu/+source/linux/3.13.0-153.203
    

- Vulnerability information (F148408)

Ubuntu Security Notice USN-3698-2 (PacketStormID:F148408)
2018-07-03 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local,vulnerability
linux,ubuntu
CVE-2017-12154,CVE-2017-12193,CVE-2017-15265,CVE-2018-1130,CVE-2018-3665,CVE-2018-5750,CVE-2018-5803,CVE-2018-6927,CVE-2018-7755,CVE-2018-7757

Ubuntu Security Notice 3698-2 - USN-3698-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3698-2
July 02, 2018

linux-lts-trusty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM

Details:

USN-3698-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 ESM.

It was discovered that the nested KVM implementation in the Linux kernel in
some situations did not properly prevent second level guests from reading
and writing the hardware CR8 register. A local attacker in a guest could
use this to cause a denial of service (system crash). (CVE-2017-12154)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)

It was discovered that a race condition existed in the ALSA subsystem of
the Linux kernel when creating and deleting a port via ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-15265)

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

Julian Stecklina and Thomas Prescher discovered that FPU register states
(such as MMX, SSE, and AVX registers) which are lazily restored are
potentially vulnerable to a side channel attack. A local attacker could use
this to expose sensitive information. (CVE-2018-3665)

Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitive information (kernel
pointer addresses). (CVE-2018-5750)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that an integer overflow error existed in the futex
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  linux-image-3.13.0-153-generic  3.13.0-153.203~precise1
  linux-image-3.13.0-153-generic-lpae  3.13.0-153.203~precise1
  linux-image-generic-lpae-lts-trusty  3.13.0.153.143
  linux-image-generic-lts-trusty  3.13.0.153.143

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3698-2
  https://usn.ubuntu.com/usn/usn-3698-1
  CVE-2017-12154, CVE-2017-12193, CVE-2017-15265, CVE-2018-1130,
  CVE-2018-3665, CVE-2018-5750, CVE-2018-5803, CVE-2018-6927,
  CVE-2018-7755, CVE-2018-7757

    

- Vulnerability information (F148407)

Ubuntu Security Notice USN-3697-2 (PacketStormID:F148407)
2018-07-03 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local,protocol
linux,ubuntu
CVE-2018-1130,CVE-2018-11508,CVE-2018-5750,CVE-2018-5803,CVE-2018-6927,CVE-2018-7755,CVE-2018-7757

Ubuntu Security Notice 3697-2 - It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Jann Horn discovered that the 32 bit adjtimex syscall implementation for 64 bit Linux kernels did not properly initialize memory returned to user space in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3697-2
July 02, 2018

linux-oem vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oem: Linux kernel for OEM processors

Details:

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

Jann Horn discovered that the 32 bit adjtimex() syscall implementation for
64 bit Linux kernels did not properly initialize memory returned to user
space in some situations. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-11508)

Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitive information (kernel
pointer addresses). (CVE-2018-5750)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that an integer overflow error existed in the futex
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.13.0-1031-oem     4.13.0-1031.35
  linux-image-oem                 4.13.0.1031.36

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3697-2
  https://usn.ubuntu.com/usn/usn-3697-1
  CVE-2018-1130, CVE-2018-11508, CVE-2018-5750, CVE-2018-5803,
  CVE-2018-6927, CVE-2018-7755, CVE-2018-7757

Package Information:
  https://launchpad.net/ubuntu/+source/linux-oem/4.13.0-1031.35

    

- Vulnerability information (F148406)

Ubuntu Security Notice USN-3697-1 (PacketStormID:F148406)
2018-07-03 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local,protocol
linux,ubuntu
CVE-2018-1130,CVE-2018-11508,CVE-2018-5750,CVE-2018-5803,CVE-2018-6927,CVE-2018-7755,CVE-2018-7757

Ubuntu Security Notice 3697-1 - It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Jann Horn discovered that the 32 bit adjtimex syscall implementation for 64 bit Linux kernels did not properly initialize memory returned to user space in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3697-1
July 02, 2018

linux, linux-raspi2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

Jann Horn discovered that the 32 bit adjtimex() syscall implementation for
64 bit Linux kernels did not properly initialize memory returned to user
space in some situations. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-11508)

Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitive information (kernel
pointer addresses). (CVE-2018-5750)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that an integer overflow error existed in the futex
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  linux-image-4.13.0-1023-raspi2  4.13.0-1023.24
  linux-image-4.13.0-46-generic   4.13.0-46.51
  linux-image-4.13.0-46-generic-lpae  4.13.0-46.51
  linux-image-4.13.0-46-lowlatency  4.13.0-46.51
  linux-image-generic             4.13.0.46.49
  linux-image-generic-lpae        4.13.0.46.49
  linux-image-lowlatency          4.13.0.46.49
  linux-image-raspi2              4.13.0.1023.21

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3697-1
  CVE-2018-1130, CVE-2018-11508, CVE-2018-5750, CVE-2018-5803,
  CVE-2018-6927, CVE-2018-7755, CVE-2018-7757

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.13.0-46.51
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.13.0-1023.24

    
 

 
