漏洞信息
It was discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events.
It was discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests.
It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred.
An information leak in the netlink implementation of the Linux kernel.
漏洞危害
A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)
An attacker in the guest OS could cause a denial of service (guest system crash). (CVE-2016-3961)
A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470)
A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243)
解决方案
Refer to Ubuntu advisory USN-3049-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3049-1: 12.04 (Precise) on src (linux-image-3.2.0-107-highbank)
USN-3049-1: 12.04 (Precise) on src (linux-image-3.2.0-107-powerpc64-smp)
USN-3049-1: 12.04 (Precise) on src (linux-image-3.2.0-107-generic-pae)
USN-3049-1: 12.04 (Precise) on src (linux-image-3.2.0-107-generic)
USN-3049-1: 12.04 (Precise) on src (linux-image-3.2.0-107-virtual)
USN-3049-1: 12.04 (Precise) on src (linux-image-3.2.0-107-omap)
USN-3049-1: 12.04 (Precise) on src (linux-image-3.2.0-107-powerpc-smp)
0day
文章评论