漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
It was discovered that the asynchronous multibuffer cryptographic daemon (mcryptd) in the Linux kernel did not properly handle being invoked with incompatible algorithms.
It was discovered that the ICMP implementation in the Linux kernel did not properly check the size of an ICMP header.
漏洞危害
A local attacker could use this to cause a denial of service (system crash). (CVE-2016-10147)
A local attacker with CAP_NET_ADMIN could use this to expose sensitive information. (CVE-2016-8399)
解决方案
Refer to Ubuntu advisory USN-3189-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3189-1: 16.04 (Xenial) on src (linux-image-4.4.0-62-powerpc-e500mc)
USN-3189-1: 16.04 (Xenial) on src (linux-image-raspi2)
USN-3189-1: 16.04 (Xenial) on src (linux-image-4.4.0-62-lowlatency)
USN-3189-1: 16.04 (Xenial) on src (linux-image-generic-lpae)
USN-3189-1: 16.04 (Xenial) on src (linux-image-lowlatency)
USN-3189-1: 16.04 (Xenial) on src (linux-image-4.4.0-62-generic)
USN-3189-1: 16.04 (Xenial) on src (linux-image-4.4.0-62-powerpc-smp)
USN-3189-1: 16.04 (Xenial) on src (linux-image-4.4.0-1046-snapdragon)
USN-3189-1: 16.04 (Xenial) on src (linux-image-4.4.0-1042-raspi2)
USN-3189-1: 16.04 (Xenial) on src (linux-image-powerpc-smp)
USN-3189-1: 16.04 (Xenial) on src (linux-image-4.4.0-62-powerpc64-smp)
USN-3189-1: 16.04 (Xenial) on src (linux-image-powerpc64-smp)
USN-3189-1: 16.04 (Xenial) on src (linux-image-powerpc-e500mc)
USN-3189-1: 16.04 (Xenial) on src (linux-image-4.4.0-62-powerpc64-emb)
USN-3189-1: 16.04 (Xenial) on src (linux-image-snapdragon)
USN-3189-1: 16.04 (Xenial) on src (linux-image-4.4.0-62-generic-lpae)
USN-3189-1: 16.04 (Xenial) on src (linux-image-generic)
USN-3189-1: 16.04 (Xenial) on src (linux-image-powerpc64-emb)
0day
文章评论