漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
An information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel.
A flaw in the TCP implementation's handling of challenge acks in the Linux kernel.
A race condition in the MIC VOP driver in the Linux kernel.
It was discovered that on PowerPC platforms, the Linux kernel mishandled transactional memory state on exec().
It was discovered that a heap based buffer overflow existed in the USB HID driver in the Linux kernel.
漏洞危害
A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244)
A remote attacker could use this to cause a denial of service (reset connection) or inject content into an TCP stream. (CVE-2016-5696)
A local attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-5728)
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-5828)
A local attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-5829)
解决方案
Refer to Ubuntu advisory USN-3071-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3071-1: 14.04 (Kylin) on src (linux-image-3.13.0-95-lowlatency)
USN-3071-1: 14.04 (Kylin) on src (linux-image-3.13.0-95-powerpc-smp)
USN-3071-1: 14.04 (Kylin) on src (linux-image-3.13.0-95-generic-lpae)
USN-3071-1: 14.04 (Kylin) on src (linux-image-3.13.0-95-generic)
USN-3071-1: 14.04 (Kylin) on src (linux-image-3.13.0-95-powerpc64-emb)
USN-3071-1: 14.04 (Kylin) on src (linux-image-3.13.0-95-powerpc64-smp)
USN-3071-1: 14.04 (Kylin) on src (linux-image-3.13.0-95-powerpc-e500)
USN-3071-1: 14.04 (Kylin) on src (linux-image-3.13.0-95-powerpc-e500mc)
0day
文章评论