ALT-BU-2017-2915-1
Branch t7 update bulletin.
Package kernel-image-un-def updated to version 4.1.38-alt0.M70P.1 for branch t7 in task 177541.
Closed vulnerabilities
BDU:2016-02353
Уязвимость компонента net/packet/af_packet.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Modified: 2024-11-21
CVE-2016-10088
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=128394eff343fc6d2f32172f03e24829539c5835
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=128394eff343fc6d2f32172f03e24829539c5835
- RHSA-2017:0817
- RHSA-2017:0817
- [oss-security] 20161230 Re: Linux Kernel use-after-free in SCSI generic device interface
- [oss-security] 20161230 Re: Linux Kernel use-after-free in SCSI generic device interface
- 95169
- 95169
- 1037538
- 1037538
- RHSA-2017:1842
- RHSA-2017:1842
- RHSA-2017:2077
- RHSA-2017:2077
- RHSA-2017:2669
- RHSA-2017:2669
- https://github.com/torvalds/linux/commit/128394eff343fc6d2f32172f03e24829539c5835
- https://github.com/torvalds/linux/commit/128394eff343fc6d2f32172f03e24829539c5835
Modified: 2024-11-21
CVE-2016-7039
The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.
- RHSA-2016:2047
- RHSA-2016:2047
- RHSA-2016:2107
- RHSA-2016:2107
- RHSA-2016:2110
- RHSA-2016:2110
- [oss-security] 20161010 CVE-2016-7039 Kernel: net: unbounded recursion in the vlan GRO processing
- [oss-security] 20161010 CVE-2016-7039 Kernel: net: unbounded recursion in the vlan GRO processing
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- 93476
- 93476
- RHSA-2017:0372
- RHSA-2017:0372
- https://bto.bluecoat.com/security-advisory/sa134
- https://bto.bluecoat.com/security-advisory/sa134
- https://bugzilla.redhat.com/show_bug.cgi?id=1375944
- https://bugzilla.redhat.com/show_bug.cgi?id=1375944
- https://patchwork.ozlabs.org/patch/680412/
- https://patchwork.ozlabs.org/patch/680412/
Modified: 2024-11-21
CVE-2016-7425
The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7bc2b55a5c030685b399bb65b6baa9ccc3d1f167
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7bc2b55a5c030685b399bb65b6baa9ccc3d1f167
- [linux-kernel] 20160915 [patch v2] arcmsr: buffer overflow in arcmsr_iop_message_xfer()
- [linux-kernel] 20160915 [patch v2] arcmsr: buffer overflow in arcmsr_iop_message_xfer()
- [linux-kernel] 20160915 Re: [patch v2] arcmsr: buffer overflow in arcmsr_iop_message_xfer()
- [linux-kernel] 20160915 Re: [patch v2] arcmsr: buffer overflow in arcmsr_iop_message_xfer()
- [oss-security] 20160916 Re: linux kernel SCSI arcmsr driver: buffer overflow in arcmsr_iop_message_xfer()
- [oss-security] 20160916 Re: linux kernel SCSI arcmsr driver: buffer overflow in arcmsr_iop_message_xfer()
- 93037
- 93037
- USN-3144-1
- USN-3144-1
- USN-3144-2
- USN-3144-2
- USN-3145-1
- USN-3145-1
- USN-3145-2
- USN-3145-2
- USN-3146-1
- USN-3146-1
- USN-3146-2
- USN-3146-2
- USN-3147-1
- USN-3147-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1377330
- https://bugzilla.redhat.com/show_bug.cgi?id=1377330
- https://github.com/torvalds/linux/commit/7bc2b55a5c030685b399bb65b6baa9ccc3d1f167
- https://github.com/torvalds/linux/commit/7bc2b55a5c030685b399bb65b6baa9ccc3d1f167
- https://security-tracker.debian.org/tracker/CVE-2016-7425
- https://security-tracker.debian.org/tracker/CVE-2016-7425
Modified: 2024-11-21
CVE-2016-8632
The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.
- [oss-security] 20161108 CVE-2016-8632 -- Linux kernel: tipc_msg_build() doesn't validate MTU that can trigger heap overflow
- [oss-security] 20161108 CVE-2016-8632 -- Linux kernel: tipc_msg_build() doesn't validate MTU that can trigger heap overflow
- 94211
- 94211
- https://bugzilla.redhat.com/show_bug.cgi?id=1390832
- https://bugzilla.redhat.com/show_bug.cgi?id=1390832
- [netdev] 20161018 [PATCH net] tipc: Guard against tiny MTU in tipc_msg_build()
- [netdev] 20161018 [PATCH net] tipc: Guard against tiny MTU in tipc_msg_build()
Modified: 2024-11-21
CVE-2016-8655
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c
- SUSE-SU-2016:3096
- SUSE-SU-2016:3096
- SUSE-SU-2016:3113
- SUSE-SU-2016:3113
- SUSE-SU-2016:3116
- SUSE-SU-2016:3116
- SUSE-SU-2016:3117
- SUSE-SU-2016:3117
- SUSE-SU-2016:3169
- SUSE-SU-2016:3169
- SUSE-SU-2016:3183
- SUSE-SU-2016:3183
- SUSE-SU-2016:3197
- SUSE-SU-2016:3197
- SUSE-SU-2016:3205
- SUSE-SU-2016:3205
- SUSE-SU-2016:3206
- SUSE-SU-2016:3206
- SUSE-SU-2016:3247
- SUSE-SU-2016:3247
- http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html
- http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html
- RHSA-2017:0386
- RHSA-2017:0386
- RHSA-2017:0387
- RHSA-2017:0387
- RHSA-2017:0402
- RHSA-2017:0402
- [oss-security] 20161206 CVE-2016-8655 Linux af_packet.c race condition (local root)
- [oss-security] 20161206 CVE-2016-8655 Linux af_packet.c race condition (local root)
- 94692
- 94692
- 1037403
- 1037403
- 1037968
- 1037968
- USN-3149-1
- USN-3149-1
- USN-3149-2
- USN-3149-2
- USN-3150-1
- USN-3150-1
- USN-3150-2
- USN-3150-2
- USN-3151-1
- USN-3151-1
- USN-3151-2
- USN-3151-2
- USN-3151-3
- USN-3151-3
- USN-3151-4
- USN-3151-4
- USN-3152-1
- USN-3152-1
- USN-3152-2
- USN-3152-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1400019
- https://bugzilla.redhat.com/show_bug.cgi?id=1400019
- https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c
- https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c
- https://source.android.com/security/bulletin/2017-03-01.html
- https://source.android.com/security/bulletin/2017-03-01.html
- 40871
- 40871
- 44696
- 44696
Modified: 2024-11-21
CVE-2016-8666
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971
- RHSA-2016:2047
- RHSA-2016:2047
- RHSA-2016:2107
- RHSA-2016:2107
- RHSA-2016:2110
- RHSA-2016:2110
- RHSA-2017:0004
- RHSA-2017:0004
- [oss-security] 20161013 CVE Request: another recursion in GRE
- [oss-security] 20161013 CVE Request: another recursion in GRE
- 93562
- 93562
- RHSA-2017:0372
- RHSA-2017:0372
- https://bto.bluecoat.com/security-advisory/sa134
- https://bto.bluecoat.com/security-advisory/sa134
- https://bugzilla.redhat.com/show_bug.cgi?id=1384991
- https://bugzilla.redhat.com/show_bug.cgi?id=1384991
- https://bugzilla.suse.com/show_bug.cgi?id=1001486
- https://bugzilla.suse.com/show_bug.cgi?id=1001486
- https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971
- https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971