漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
A use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel.
It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages.
It was discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry.
It was discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is uninstantiated.
It was discovered that a null pointer dereference error existed in the PowerPC KVM implementation in the Linux kernel.
A race condition in the key management subsystem of the Linux kernel around keys in a negative state.
It was discovered that the USB subsystem in the Linux kernel did not properly validate USB BOS metadata.
It was discovered an out-of-bounds read in the GTCO digitizer USB driver for the Linux kernel.
漏洞危害
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939)
A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. (CVE-2017-1000405)
A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12193)
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15299)
A local attacker could use this to cause a denial of service (system crash). (CVE-2017-15306)
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15951)
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16535)
A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16643)
解决方案
Refer to Ubuntu advisory USN-3507-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3507-1: 17.10 (artful) on src (linux-image-4.13.0-19-generic-lpae)
USN-3507-1: 17.10 (artful) on src (linux-image-generic-lpae)
USN-3507-1: 17.10 (artful) on src (linux-image-4.13.0-19-generic)
USN-3507-1: 17.10 (artful) on src (linux-image-4.13.0-1008-raspi2)
USN-3507-1: 17.10 (artful) on src (linux-image-lowlatency)
USN-3507-1: 17.10 (artful) on src (linux-image-raspi2)
USN-3507-1: 17.10 (artful) on src (linux-image-4.13.0-19-lowlatency)
0daybank
文章评论