漏洞类别:RedHat
漏洞等级: 
漏洞信息
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)
* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)
漏洞危害
A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2016:2574 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论