漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
An information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel.
A flaw in the TCP implementation's handling of challenge acks in the Linux kernel.
It was discovered that a heap based buffer overflow existed in the USB HID driver in the Linux kernel.
漏洞危害
A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244)
A remote attacker could use this to cause a denial of service (reset connection) or inject content into an TCP stream. (CVE-2016-5696)
A local attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-5829)
解决方案
Refer to Ubuntu advisory USN-3072-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3072-1: 12.04 (Precise) on src (linux-image-3.2.0-109-highbank)
USN-3072-1: 12.04 (Precise) on src (linux-image-3.2.0-109-powerpc64-smp)
USN-3072-1: 12.04 (Precise) on src (linux-image-3.2.0-109-generic-pae)
USN-3072-1: 12.04 (Precise) on src (linux-image-3.2.0-109-generic)
USN-3072-1: 12.04 (Precise) on src (linux-image-3.2.0-109-virtual)
USN-3072-1: 12.04 (Precise) on src (linux-image-3.2.0-109-omap)
USN-3072-1: 12.04 (Precise) on src (linux-image-3.2.0-109-powerpc-smp)
0day
文章评论