ALT Linux Team

Branch p8 update on 2016-10-24

2016-10-24

ALT-BU-2016-3080-1

Branch p8 update bulletin.

ALT-PU-2016-2159-1

Package kernel-image-std-def updated to version 4.4.27-alt0.M80P.1 for branch p8 in task 171252.

Closed vulnerabilities

Published: 2016-10-17
Modified: 2024-11-21

CVE-2016-7425

The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2016-2160-1

Package kernel-image-un-def updated to version 4.7.10-alt0.M80P.1 for branch p8 in task 171256.

Closed vulnerabilities

Published: 2016-10-17
Modified: 2024-11-21

CVE-2016-7425

The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top