漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
An unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel.
A use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel.
A race condition in the audit subsystem in the Linux kernel.
A race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s.
漏洞危害
A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039)
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828)
A local attacker could use this to corrupt audit logs or disrupt system-call auditing. (CVE-2016-6136)
A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6480)
解决方案
Refer to Ubuntu advisory USN-3098-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3098-1: 14.04 (Kylin) on src (linux-image-3.13.0-98-lowlatency)
USN-3098-1: 14.04 (Kylin) on src (linux-image-3.13.0-98-powerpc-smp)
USN-3098-1: 14.04 (Kylin) on src (linux-image-3.13.0-98-generic-lpae)
USN-3098-1: 14.04 (Kylin) on src (linux-image-3.13.0-98-generic)
USN-3098-1: 14.04 (Kylin) on src (linux-image-3.13.0-98-powerpc64-emb)
USN-3098-1: 14.04 (Kylin) on src (linux-image-3.13.0-98-powerpc64-smp)
USN-3098-1: 14.04 (Kylin) on src (linux-image-3.13.0-98-powerpc-e500)
USN-3098-1: 14.04 (Kylin) on src (linux-image-3.13.0-98-powerpc-e500mc)
0day
文章评论