Red Hat Security Advisory 2017-2931-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.
edba1cdf75883b0afd4147a1b9b0f8c787387b79a168379d1cee80de73ebe1eaRed Hat Security Advisory 2017-2930-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.
e290a5f1dc4b6935b2c09d9c88039750f701a314dff84bdf0a026e7c338e354dSeveral security issues were fixed in the kernel. Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service (system crash). Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.
42b1d7e92d487c05901f19f08b2e6c9e119556985c2054e46a019c3a3bd7bf0dRed Hat Security Advisory 2017-0869-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). Enhancement:
c7b5eaf57adbad1eed998d1a79c4920ea877082a5e42528c470ee450b22b4b7bRed Hat Security Advisory 2017-0817-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946.
597c633d164dd5b659055724a7f94dfa6104bd1ddf58babc8fd4e61d37290908Ubuntu Security Notice 3190-2 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free existed in the KVM susbsystem of the Linux kernel when creating devices. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
cf4cc9859b178aeba3d7971d5f7e2816de9414942d6b55bc51f88f58392aac87Ubuntu Security Notice 3189-1 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. Qidan He discovered that the ICMP implementation in the Linux kernel did not properly check the size of an ICMP header. A local attacker with CAP_NET_ADMIN could use this to expose sensitive information. Various other issues were also addressed.
0f3136fcfb20894c5f31c658da4570ea1617117f25f703bedd4422456e8c8b6eUbuntu Security Notice 3189-2 - USN-3189-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
852d2ecf12fb5e32e229fe893e3cd546f2ac5e0aedf19d8cb685eabd45e1317eUbuntu Security Notice 3190-1 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free existed in the KVM susbsystem of the Linux kernel when creating devices. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
bd67da6c07218157f0d827497e94107d511dd272fd135c5e7062763994f1a47d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed