ALT-BU-2016-2708-1
Branch t7 update bulletin.
Package NetworkManager updated to version 0.9.8.10-alt1.M70P.2.git20150519 for branch t7 in task 163589.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-0764
Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.
Package kernel-image-std-def updated to version 3.14.67-alt0.M70P.1 for branch t7 in task 163589.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-4805
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89
- openSUSE-SU-2016:1641
- SUSE-SU-2016:1672
- SUSE-SU-2016:1690
- SUSE-SU-2016:1937
- SUSE-SU-2016:1985
- SUSE-SU-2016:2105
- openSUSE-SU-2016:2184
- DSA-3607
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2
- [oss-security] 20160515 Re: CVE Requests: Linux: use-after-free issue for ppp channel
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- 90605
- 1036763
- USN-3021-1
- USN-3021-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1335803
- https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89
Modified: 2024-11-21
CVE-2016-7117
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d
- RHSA-2016:2962
- RHSA-2017:0031
- RHSA-2017:0036
- RHSA-2017:0065
- RHSA-2017:0086
- RHSA-2017:0091
- RHSA-2017:0113
- RHSA-2017:0196
- RHSA-2017:0215
- RHSA-2017:0216
- RHSA-2017:0217
- RHSA-2017:0270
- http://source.android.com/security/bulletin/2016-10-01.html
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2
- 93304
- https://bugzilla.novell.com/show_bug.cgi?id=1003077
- https://bugzilla.redhat.com/show_bug.cgi?id=1382268
- https://github.com/torvalds/linux/commit/34b88a68f26a75e4fded796f1a49c40f82234b7d
- https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7117.html
- https://security-tracker.debian.org/tracker/CVE-2016-7117
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-1951
Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.
- 92385
- 1036590
- USN-3023-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1174015
- [dev-tech-nspr] 20160217 [ANNOUNCE] NSPR 4.12 Release
- https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2
Closed bugs
Add tstclnt and vfyserv