ALT-BU-2016-2769-1
Branch p8 update bulletin.
Package kernel-image-un-def updated to version 4.5.4-alt0.M80P.1 for branch p8 in task 164656.
Closed vulnerabilities
BDU:2016-02082
Уязвимость функции usbip_recv_xbuff (drivers/usb/usbip/usbip_common.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Modified: 2024-11-21
CVE-2016-1575
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360
- http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1575.html
- http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1575.html
- http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/
- http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/
- [oss-security] 20160224 User Namespaces Overlayfs Xattr Setgid Privilege Escalation: Overlayfs
- [oss-security] 20160224 User Namespaces Overlayfs Xattr Setgid Privilege Escalation: Overlayfs
- [oss-security] 20211018 Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up
- [oss-security] 20211018 Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up
- https://launchpad.net/bugs/1534961
- https://launchpad.net/bugs/1534961
Modified: 2024-11-21
CVE-2016-1576
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360
- http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1576.html
- http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1576.html
- http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/
- http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/
- [oss-security] 20160224 Overlayfs over Fuse Privilege Escalation in USERNS
- [oss-security] 20160224 Overlayfs over Fuse Privilege Escalation in USERNS
- [oss-security] 20211018 Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up
- [oss-security] 20211018 Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up
- https://bugs.launchpad.net/bugs/1535150
- https://bugs.launchpad.net/bugs/1535150
- https://launchpadlibrarian.net/235300093/0005-overlayfs-Be-more-careful-about-copying-up-sxid-file.patch
- https://launchpadlibrarian.net/235300093/0005-overlayfs-Be-more-careful-about-copying-up-sxid-file.patch
- https://launchpadlibrarian.net/235300225/0006-overlayfs-Propogate-nosuid-from-lower-and-upper-moun.patch
- https://launchpadlibrarian.net/235300225/0006-overlayfs-Propogate-nosuid-from-lower-and-upper-moun.patch
Modified: 2024-11-21
CVE-2016-2117
The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8
- RHSA-2016:2574
- RHSA-2016:2574
- RHSA-2016:2584
- RHSA-2016:2584
- DSA-3607
- DSA-3607
- [oss-security] 20160316 CVE-2016-2117 memory disclosure to ethernet due to unchecked scatter/gather IO
- [oss-security] 20160316 CVE-2016-2117 memory disclosure to ethernet due to unchecked scatter/gather IO
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 84500
- 84500
- USN-2989-1
- USN-2989-1
- USN-2998-1
- USN-2998-1
- USN-3000-1
- USN-3000-1
- USN-3001-1
- USN-3001-1
- USN-3002-1
- USN-3002-1
- USN-3003-1
- USN-3003-1
- USN-3004-1
- USN-3004-1
- USN-3005-1
- USN-3005-1
- USN-3006-1
- USN-3006-1
- USN-3007-1
- USN-3007-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1312298
- https://bugzilla.redhat.com/show_bug.cgi?id=1312298
- https://github.com/torvalds/linux/commit/f43bfaeddc79effbf3d0fcb53ca477cca66f3db8
- https://github.com/torvalds/linux/commit/f43bfaeddc79effbf3d0fcb53ca477cca66f3db8
Modified: 2024-11-21
CVE-2016-2187
The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=162f98dea487206d9ab79fc12ed64700667a894d
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=162f98dea487206d9ab79fc12ed64700667a894d
- SUSE-SU-2016:1672
- SUSE-SU-2016:1672
- SUSE-SU-2016:1985
- SUSE-SU-2016:1985
- DSA-3607
- DSA-3607
- 85425
- 85425
- USN-2989-1
- USN-2989-1
- USN-2996-1
- USN-2996-1
- USN-2997-1
- USN-2997-1
- USN-2998-1
- USN-2998-1
- USN-3000-1
- USN-3000-1
- USN-3001-1
- USN-3001-1
- USN-3002-1
- USN-3002-1
- USN-3003-1
- USN-3003-1
- USN-3004-1
- USN-3004-1
- USN-3005-1
- USN-3005-1
- USN-3006-1
- USN-3006-1
- USN-3007-1
- USN-3007-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1317017
- https://bugzilla.redhat.com/show_bug.cgi?id=1317017
- https://github.com/torvalds/linux/commit/162f98dea487206d9ab79fc12ed64700667a894d
- https://github.com/torvalds/linux/commit/162f98dea487206d9ab79fc12ed64700667a894d
Modified: 2024-11-21
CVE-2016-3134
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309
- openSUSE-SU-2016:1641
- openSUSE-SU-2016:1641
- SUSE-SU-2016:1672
- SUSE-SU-2016:1672
- SUSE-SU-2016:1690
- SUSE-SU-2016:1690
- SUSE-SU-2016:1696
- SUSE-SU-2016:1696
- SUSE-SU-2016:1764
- SUSE-SU-2016:1764
- SUSE-SU-2016:1961
- SUSE-SU-2016:1961
- SUSE-SU-2016:1985
- SUSE-SU-2016:1985
- SUSE-SU-2016:1994
- SUSE-SU-2016:1994
- SUSE-SU-2016:1995
- SUSE-SU-2016:1995
- SUSE-SU-2016:2000
- SUSE-SU-2016:2000
- SUSE-SU-2016:2001
- SUSE-SU-2016:2001
- SUSE-SU-2016:2002
- SUSE-SU-2016:2002
- SUSE-SU-2016:2005
- SUSE-SU-2016:2005
- SUSE-SU-2016:2006
- SUSE-SU-2016:2006
- SUSE-SU-2016:2007
- SUSE-SU-2016:2007
- SUSE-SU-2016:2009
- SUSE-SU-2016:2009
- SUSE-SU-2016:2010
- SUSE-SU-2016:2010
- SUSE-SU-2016:2014
- SUSE-SU-2016:2014
- SUSE-SU-2016:2074
- SUSE-SU-2016:2074
- RHSA-2016:1847
- RHSA-2016:1847
- RHSA-2016:1875
- RHSA-2016:1875
- RHSA-2016:1883
- RHSA-2016:1883
- DSA-3607
- DSA-3607
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- 84305
- 84305
- 1036763
- 1036763
- USN-2929-1
- USN-2929-1
- USN-2929-2
- USN-2929-2
- USN-2930-1
- USN-2930-1
- USN-2930-2
- USN-2930-2
- USN-2930-3
- USN-2930-3
- USN-2931-1
- USN-2931-1
- USN-2932-1
- USN-2932-1
- USN-3049-1
- USN-3049-1
- USN-3050-1
- USN-3050-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1317383
- https://bugzilla.redhat.com/show_bug.cgi?id=1317383
- https://code.google.com/p/google-security-research/issues/detail?id=758
- https://code.google.com/p/google-security-research/issues/detail?id=758
- https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309
- https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309
Modified: 2024-11-21
CVE-2016-3156
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2
- SUSE-SU-2016:1019
- SUSE-SU-2016:1019
- openSUSE-SU-2016:1382
- openSUSE-SU-2016:1382
- SUSE-SU-2016:1672
- SUSE-SU-2016:1672
- SUSE-SU-2016:1690
- SUSE-SU-2016:1690
- SUSE-SU-2016:1707
- SUSE-SU-2016:1707
- SUSE-SU-2016:1764
- SUSE-SU-2016:1764
- SUSE-SU-2016:2074
- SUSE-SU-2016:2074
- RHSA-2016:2574
- RHSA-2016:2574
- RHSA-2016:2584
- RHSA-2016:2584
- DSA-3607
- DSA-3607
- [oss-security] 20160315 CVE request: ipv4: Don't do expensive useless work during inetdev destroy
- [oss-security] 20160315 CVE request: ipv4: Don't do expensive useless work during inetdev destroy
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- 84428
- 84428
- USN-2968-1
- USN-2968-1
- USN-2968-2
- USN-2968-2
- USN-2969-1
- USN-2969-1
- USN-2970-1
- USN-2970-1
- USN-2971-1
- USN-2971-1
- USN-2971-2
- USN-2971-2
- USN-2971-3
- USN-2971-3
- USN-2996-1
- USN-2996-1
- USN-2997-1
- USN-2997-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1318172
- https://bugzilla.redhat.com/show_bug.cgi?id=1318172
- https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2
- https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2
Modified: 2024-11-21
CVE-2016-3672
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb
- http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-dis
- http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-dis
- http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
- http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
- FEDORA-2016-76706f51a7
- FEDORA-2016-76706f51a7
- openSUSE-SU-2016:1641
- openSUSE-SU-2016:1641
- SUSE-SU-2016:1690
- SUSE-SU-2016:1690
- SUSE-SU-2016:1937
- SUSE-SU-2016:1937
- SUSE-SU-2016:2105
- SUSE-SU-2016:2105
- openSUSE-SU-2016:2184
- openSUSE-SU-2016:2184
- 20160406 CVE-2016-3672 - Unlimiting the stack not longer disables ASLR
- 20160406 CVE-2016-3672 - Unlimiting the stack not longer disables ASLR
- DSA-3607
- DSA-3607
- 20160406 CVE-2016-3672 - Unlimiting the stack not longer disables ASLR
- 20160406 CVE-2016-3672 - Unlimiting the stack not longer disables ASLR
- 85884
- 85884
- 1035506
- 1035506
- USN-2989-1
- USN-2989-1
- USN-2996-1
- USN-2996-1
- USN-2997-1
- USN-2997-1
- USN-2998-1
- USN-2998-1
- USN-3000-1
- USN-3000-1
- USN-3001-1
- USN-3001-1
- USN-3002-1
- USN-3002-1
- USN-3003-1
- USN-3003-1
- USN-3004-1
- USN-3004-1
- RHSA-2018:0676
- RHSA-2018:0676
- RHSA-2018:1062
- RHSA-2018:1062
- https://bugzilla.redhat.com/show_bug.cgi?id=1324749
- https://bugzilla.redhat.com/show_bug.cgi?id=1324749
- https://github.com/torvalds/linux/commit/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb
- https://github.com/torvalds/linux/commit/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb
- 39669
- 39669
Modified: 2024-11-21
CVE-2016-3955
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb
- openSUSE-SU-2016:1641
- openSUSE-SU-2016:1641
- DSA-3607
- DSA-3607
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
- [oss-security] 20160419 CVE Request: Linux kernel: remote buffer overflow in usbip
- [oss-security] 20160419 CVE Request: Linux kernel: remote buffer overflow in usbip
- 86534
- 86534
- USN-2989-1
- USN-2989-1
- USN-2996-1
- USN-2996-1
- USN-2997-1
- USN-2997-1
- USN-2998-1
- USN-2998-1
- USN-3000-1
- USN-3000-1
- USN-3001-1
- USN-3001-1
- USN-3002-1
- USN-3002-1
- USN-3003-1
- USN-3003-1
- USN-3004-1
- USN-3004-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1328478
- https://bugzilla.redhat.com/show_bug.cgi?id=1328478
- https://github.com/torvalds/linux/commit/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb
- https://github.com/torvalds/linux/commit/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb
Modified: 2024-11-21
CVE-2016-4565
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3
- openSUSE-SU-2016:1641
- openSUSE-SU-2016:1641
- SUSE-SU-2016:1672
- SUSE-SU-2016:1672
- SUSE-SU-2016:1690
- SUSE-SU-2016:1690
- SUSE-SU-2016:1937
- SUSE-SU-2016:1937
- SUSE-SU-2016:1961
- SUSE-SU-2016:1961
- SUSE-SU-2016:1985
- SUSE-SU-2016:1985
- SUSE-SU-2016:1994
- SUSE-SU-2016:1994
- SUSE-SU-2016:1995
- SUSE-SU-2016:1995
- SUSE-SU-2016:2000
- SUSE-SU-2016:2000
- SUSE-SU-2016:2001
- SUSE-SU-2016:2001
- SUSE-SU-2016:2002
- SUSE-SU-2016:2002
- SUSE-SU-2016:2003
- SUSE-SU-2016:2003
- SUSE-SU-2016:2005
- SUSE-SU-2016:2005
- SUSE-SU-2016:2006
- SUSE-SU-2016:2006
- SUSE-SU-2016:2007
- SUSE-SU-2016:2007
- SUSE-SU-2016:2009
- SUSE-SU-2016:2009
- SUSE-SU-2016:2010
- SUSE-SU-2016:2010
- SUSE-SU-2016:2011
- SUSE-SU-2016:2011
- SUSE-SU-2016:2014
- SUSE-SU-2016:2014
- SUSE-SU-2016:2105
- SUSE-SU-2016:2105
- openSUSE-SU-2016:2184
- openSUSE-SU-2016:2184
- RHSA-2016:1489
- RHSA-2016:1489
- RHSA-2016:1581
- RHSA-2016:1581
- RHSA-2016:1617
- RHSA-2016:1617
- RHSA-2016:1640
- RHSA-2016:1640
- RHSA-2016:1657
- RHSA-2016:1657
- RHSA-2016:1814
- RHSA-2016:1814
- DSA-3607
- DSA-3607
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
- [oss-security] 20160507 CVE Request: Linux: IB/security: Restrict use of the write() interface'
- [oss-security] 20160507 CVE Request: Linux: IB/security: Restrict use of the write() interface'
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 90301
- 90301
- USN-3001-1
- USN-3001-1
- USN-3002-1
- USN-3002-1
- USN-3003-1
- USN-3003-1
- USN-3004-1
- USN-3004-1
- USN-3005-1
- USN-3005-1
- USN-3006-1
- USN-3006-1
- USN-3007-1
- USN-3007-1
- USN-3018-1
- USN-3018-1
- USN-3018-2
- USN-3018-2
- USN-3019-1
- USN-3019-1
- USN-3021-1
- USN-3021-1
- USN-3021-2
- USN-3021-2
- RHSA-2016:1277
- RHSA-2016:1277
- RHSA-2016:1301
- RHSA-2016:1301
- RHSA-2016:1341
- RHSA-2016:1341
- RHSA-2016:1406
- RHSA-2016:1406
- https://bugzilla.redhat.com/show_bug.cgi?id=1310570
- https://bugzilla.redhat.com/show_bug.cgi?id=1310570
- https://github.com/torvalds/linux/commit/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3
- https://github.com/torvalds/linux/commit/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3
Modified: 2024-11-21
CVE-2016-4568
drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
- [oss-security] 20160507 CVE Request: Linux: [media] videobuf2-v4l2: Verify planes array in buffer dequeueing
- [oss-security] 20160507 CVE Request: Linux: [media] videobuf2-v4l2: Verify planes array in buffer dequeueing
- https://bugzilla.redhat.com/show_bug.cgi?id=1334316
- https://bugzilla.redhat.com/show_bug.cgi?id=1334316
- https://github.com/torvalds/linux/commit/2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab
- https://github.com/torvalds/linux/commit/2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab
Modified: 2024-11-21
CVE-2016-4581
fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ec0811d30378ae104f250bfc9b3640242d81e3f
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ec0811d30378ae104f250bfc9b3640242d81e3f
- openSUSE-SU-2016:1641
- openSUSE-SU-2016:1641
- RHSA-2016:2574
- RHSA-2016:2574
- RHSA-2016:2584
- RHSA-2016:2584
- DSA-3607
- DSA-3607
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4
- [oss-security] 20160511 CVE request: Mishandling the first propagated copy being a slave
- [oss-security] 20160511 CVE request: Mishandling the first propagated copy being a slave
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- 90607
- 90607
- USN-2989-1
- USN-2989-1
- USN-2998-1
- USN-2998-1
- USN-3000-1
- USN-3000-1
- USN-3001-1
- USN-3001-1
- USN-3002-1
- USN-3002-1
- USN-3003-1
- USN-3003-1
- USN-3004-1
- USN-3004-1
- USN-3005-1
- USN-3005-1
- USN-3006-1
- USN-3006-1
- USN-3007-1
- USN-3007-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1333712
- https://bugzilla.redhat.com/show_bug.cgi?id=1333712
- https://github.com/torvalds/linux/commit/5ec0811d30378ae104f250bfc9b3640242d81e3f
- https://github.com/torvalds/linux/commit/5ec0811d30378ae104f250bfc9b3640242d81e3f
Modified: 2024-11-21
CVE-2016-4805
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89
- openSUSE-SU-2016:1641
- openSUSE-SU-2016:1641
- SUSE-SU-2016:1672
- SUSE-SU-2016:1672
- SUSE-SU-2016:1690
- SUSE-SU-2016:1690
- SUSE-SU-2016:1937
- SUSE-SU-2016:1937
- SUSE-SU-2016:1985
- SUSE-SU-2016:1985
- SUSE-SU-2016:2105
- SUSE-SU-2016:2105
- openSUSE-SU-2016:2184
- openSUSE-SU-2016:2184
- DSA-3607
- DSA-3607
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2
- [oss-security] 20160515 Re: CVE Requests: Linux: use-after-free issue for ppp channel
- [oss-security] 20160515 Re: CVE Requests: Linux: use-after-free issue for ppp channel
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- 90605
- 90605
- 1036763
- 1036763
- USN-3021-1
- USN-3021-1
- USN-3021-2
- USN-3021-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1335803
- https://bugzilla.redhat.com/show_bug.cgi?id=1335803
- https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89
- https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89
Modified: 2024-11-21
CVE-2016-7117
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d
- RHSA-2016:2962
- RHSA-2016:2962
- RHSA-2017:0031
- RHSA-2017:0031
- RHSA-2017:0036
- RHSA-2017:0036
- RHSA-2017:0065
- RHSA-2017:0065
- RHSA-2017:0086
- RHSA-2017:0086
- RHSA-2017:0091
- RHSA-2017:0091
- RHSA-2017:0113
- RHSA-2017:0113
- RHSA-2017:0196
- RHSA-2017:0196
- RHSA-2017:0215
- RHSA-2017:0215
- RHSA-2017:0216
- RHSA-2017:0216
- RHSA-2017:0217
- RHSA-2017:0217
- RHSA-2017:0270
- RHSA-2017:0270
- http://source.android.com/security/bulletin/2016-10-01.html
- http://source.android.com/security/bulletin/2016-10-01.html
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2
- 93304
- 93304
- https://bugzilla.novell.com/show_bug.cgi?id=1003077
- https://bugzilla.novell.com/show_bug.cgi?id=1003077
- https://bugzilla.redhat.com/show_bug.cgi?id=1382268
- https://bugzilla.redhat.com/show_bug.cgi?id=1382268
- https://github.com/torvalds/linux/commit/34b88a68f26a75e4fded796f1a49c40f82234b7d
- https://github.com/torvalds/linux/commit/34b88a68f26a75e4fded796f1a49c40f82234b7d
- https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7117.html
- https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7117.html
- https://security-tracker.debian.org/tracker/CVE-2016-7117
- https://security-tracker.debian.org/tracker/CVE-2016-7117
Modified: 2024-11-21
CVE-2016-7912
Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38740a5b87d53ceb89eb2c970150f6e94e00373a
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38740a5b87d53ceb89eb2c970150f6e94e00373a
- http://source.android.com/security/bulletin/2016-11-01.html
- http://source.android.com/security/bulletin/2016-11-01.html
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
- 94197
- 94197
- https://github.com/torvalds/linux/commit/38740a5b87d53ceb89eb2c970150f6e94e00373a
- https://github.com/torvalds/linux/commit/38740a5b87d53ceb89eb2c970150f6e94e00373a
Modified: 2024-11-21
CVE-2016-7914
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2
- RHSA-2016:2574
- RHSA-2016:2574
- http://source.android.com/security/bulletin/2016-11-01.html
- http://source.android.com/security/bulletin/2016-11-01.html
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
- 94138
- 94138
- https://github.com/torvalds/linux/commit/8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2
- https://github.com/torvalds/linux/commit/8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2
Modified: 2024-11-21
CVE-2016-7916
Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3
- http://source.android.com/security/bulletin/2016-11-01.html
- http://source.android.com/security/bulletin/2016-11-01.html
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4
- 94138
- 94138
- USN-3159-1
- USN-3159-1
- USN-3159-2
- USN-3159-2
- https://bugzilla.kernel.org/show_bug.cgi?id=116461
- https://bugzilla.kernel.org/show_bug.cgi?id=116461
- https://forums.grsecurity.net/viewtopic.php?f=3&t=4363
- https://forums.grsecurity.net/viewtopic.php?f=3&t=4363
- https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3
- https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3
Package adobe-flash-player updated to version 11-alt62 for branch p8 in task 164673.
Closed vulnerabilities
BDU:2016-01276
Уязвимость программной платформы Flash Player, позволяющая нарушителю получить контроль над системой и вызвать аварийное завершение работы приложения
BDU:2016-01277
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01278
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01279
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01280
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01281
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01282
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01283
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01284
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01285
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01295
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01296
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01297
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01298
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01299
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01300
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01301
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01302
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01303
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01304
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01305
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01306
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01307
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01308
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-01309
Уязвимость программной платформы Flash Player, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
Modified: 2024-11-21
CVE-2016-1096
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
- SUSE-SU-2016:1305
- SUSE-SU-2016:1305
- http://packetstormsecurity.com/files/137051/Adobe-Flash-MP4-File-Stack-Corruption.html
- http://packetstormsecurity.com/files/137051/Adobe-Flash-MP4-File-Stack-Corruption.html
- RHSA-2016:1079
- RHSA-2016:1079
- 90618
- 90618
- 1035827
- 1035827
- MS16-064
- MS16-064
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- 39828
- 39828
Modified: 2024-11-21
CVE-2016-1097
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Modified: 2024-11-21
CVE-2016-1098
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Modified: 2024-11-21
CVE-2016-1099
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Modified: 2024-11-21
CVE-2016-1100
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Modified: 2024-11-21
CVE-2016-1101
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
- SUSE-SU-2016:1305
- SUSE-SU-2016:1305
- http://packetstormsecurity.com/files/137052/Adobe-Flash-ATF-Processing-Heap-Overflow.html
- http://packetstormsecurity.com/files/137052/Adobe-Flash-ATF-Processing-Heap-Overflow.html
- RHSA-2016:1079
- RHSA-2016:1079
- 1035827
- 1035827
- MS16-064
- MS16-064
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- 39827
- 39827
Modified: 2024-11-21
CVE-2016-1102
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
- SUSE-SU-2016:1305
- SUSE-SU-2016:1305
- http://packetstormsecurity.com/files/137053/Adobe-Flash-JXR-Processing-Out-Of-Bounds-Read.html
- http://packetstormsecurity.com/files/137053/Adobe-Flash-JXR-Processing-Out-Of-Bounds-Read.html
- RHSA-2016:1079
- RHSA-2016:1079
- 90618
- 90618
- 1035827
- 1035827
- MS16-064
- MS16-064
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- 39824
- 39824
Modified: 2024-11-21
CVE-2016-1103
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
- SUSE-SU-2016:1305
- SUSE-SU-2016:1305
- http://packetstormsecurity.com/files/137054/Adobe-Flash-Raw-565-Texture-Processing-Overflow.html
- http://packetstormsecurity.com/files/137054/Adobe-Flash-Raw-565-Texture-Processing-Overflow.html
- RHSA-2016:1079
- RHSA-2016:1079
- 1035827
- 1035827
- MS16-064
- MS16-064
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- 39826
- 39826
Modified: 2024-11-21
CVE-2016-1104
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
- SUSE-SU-2016:1305
- SUSE-SU-2016:1305
- http://packetstormsecurity.com/files/137055/Adobe-Flash-Object-Placing-Out-Of-Bounds-Read.html
- http://packetstormsecurity.com/files/137055/Adobe-Flash-Object-Placing-Out-Of-Bounds-Read.html
- RHSA-2016:1079
- RHSA-2016:1079
- 90618
- 90618
- 1035827
- 1035827
- MS16-064
- MS16-064
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- 39825
- 39825
Modified: 2024-11-21
CVE-2016-1105
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
- SUSE-SU-2016:1305
- SUSE-SU-2016:1305
- http://packetstormsecurity.com/files/137056/Adobe-Flash-FileReference-Type-Confusion.html
- http://packetstormsecurity.com/files/137056/Adobe-Flash-FileReference-Type-Confusion.html
- RHSA-2016:1079
- RHSA-2016:1079
- 1035827
- 1035827
- MS16-064
- MS16-064
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- 39829
- 39829
Modified: 2024-11-21
CVE-2016-1106
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
- SUSE-SU-2016:1305
- SUSE-SU-2016:1305
- http://packetstormsecurity.com/files/137057/Adobe-Flash-SetNative-Use-After-Free.html
- http://packetstormsecurity.com/files/137057/Adobe-Flash-SetNative-Use-After-Free.html
- RHSA-2016:1079
- RHSA-2016:1079
- 1035827
- 1035827
- MS16-064
- MS16-064
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- 39831
- 39831
Modified: 2024-11-21
CVE-2016-1107
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Modified: 2024-11-21
CVE-2016-1108
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Modified: 2024-11-21
CVE-2016-1109
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Modified: 2024-11-21
CVE-2016-1110
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Modified: 2024-11-21
CVE-2016-4108
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
- SUSE-SU-2016:1305
- SUSE-SU-2016:1305
- http://packetstormsecurity.com/files/137058/Adobe-Flash-addProperty-Use-After-Free.html
- http://packetstormsecurity.com/files/137058/Adobe-Flash-addProperty-Use-After-Free.html
- RHSA-2016:1079
- RHSA-2016:1079
- 1035827
- 1035827
- MS16-064
- MS16-064
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- 39830
- 39830
Modified: 2024-11-21
CVE-2016-4109
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Modified: 2024-11-21
CVE-2016-4110
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Modified: 2024-11-21
CVE-2016-4111
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Modified: 2024-11-21
CVE-2016-4112
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Modified: 2024-11-21
CVE-2016-4113
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Modified: 2024-11-21
CVE-2016-4114
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Modified: 2024-11-21
CVE-2016-4115
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Modified: 2024-11-21
CVE-2016-4116
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Modified: 2025-02-14
CVE-2016-4117
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
- SUSE-SU-2016:1305
- openSUSE-SU-2016:1306
- openSUSE-SU-2016:1308
- openSUSE-SU-2016:1309
- RHSA-2016:1079
- 90505
- 1035826
- https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- GLSA-201606-08
- 46339
- SUSE-SU-2016:1305
- 46339
- GLSA-201606-08
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
- 1035826
- 90505
- RHSA-2016:1079
- openSUSE-SU-2016:1309
- openSUSE-SU-2016:1308
- openSUSE-SU-2016:1306
Closed bugs
Файловый конфликт с libwpd9