漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel.
An out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel.
It was discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations.
It was discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero.
It was discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel.
It was discovered that the Linux kernel did not properly handle TCP packets with the URG flag.
It was discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations.
It was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel.
It was discovered that the IP layer in the Linux kernel made improper assumptions about internal data layout when performing checksums.
Race conditions in the Infrared (IrDA) subsystem in the Linux kernel.
漏洞危害
A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)
An attacker could use this to possibly expose sensitive information. (CVE-2017-5897)
An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970)
A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669)
A local attacker could use this to cause a denial of service (system crash). (CVE-2017-5986)
A remote attacker could use this to cause a denial of service. (CVE-2017-6214)
A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6345)
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346)
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6347)
A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348)
解决方案
Refer to Ubuntu advisory USN-3265-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3265-1: 16.04 (Xenial) on src (linux-image-4.4.0-75-generic-lpae)
USN-3265-1: 16.04 (Xenial) on src (linux-image-powerpc-smp)
USN-3265-1: 16.04 (Xenial) on src (linux-image-raspi2)
USN-3265-1: 16.04 (Xenial) on src (linux-image-4.4.0-75-generic)
USN-3265-1: 16.04 (Xenial) on src (linux-image-snapdragon)
USN-3265-1: 16.04 (Xenial) on src (linux-image-aws)
USN-3265-1: 16.04 (Xenial) on src (linux-image-generic)
USN-3265-1: 16.04 (Xenial) on src (linux-image-4.4.0-1054-raspi2)
USN-3265-1: 16.04 (Xenial) on src (linux-image-4.4.0-75-lowlatency)
USN-3265-1: 16.04 (Xenial) on src (linux-image-4.4.0-1016-aws)
USN-3265-1: 16.04 (Xenial) on src (linux-image-4.4.0-1012-gke)
USN-3265-1: 16.04 (Xenial) on src (linux-image-gke)
USN-3265-1: 16.04 (Xenial) on src (linux-image-4.4.0-75-powerpc-smp)
USN-3265-1: 16.04 (Xenial) on src (linux-image-powerpc-e500mc)
USN-3265-1: 16.04 (Xenial) on src (linux-image-generic-lpae)
USN-3265-1: 16.04 (Xenial) on src (linux-image-4.4.0-75-powerpc-e500mc)
USN-3265-1: 16.04 (Xenial) on src (linux-image-powerpc64-smp)
USN-3265-1: 16.04 (Xenial) on src (linux-image-4.4.0-1057-snapdragon)
USN-3265-1: 16.04 (Xenial) on src (linux-image-4.4.0-75-powerpc64-smp)
0day
文章评论