月度归档： 2017年6月

Fedora has released security update for gajim to fix the vulnerability.

Affected OS:
Fedora 24
Fedora 25

This vulnerability could be exploited to gain partial access to sensitive information.

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 24 Update
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-3c561780c8: Fedora 24

FEDORA-2017-3c561780c8: Fedora 25

Fedora has released security update for ettercap to fix the vulnerability.

Affected OS:
Fedora 24
Fedora 25

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 24 Update
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-8722576148: Fedora 24

FEDORA-2017-8722576148: Fedora 25

Oracle Enterprise Linux has released security update for glibc to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

An attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system.

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

Oracle Linux 7

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2017-1481: Oracle Linux 7

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap.

It was discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments.

A reference count bug was discovered in the Linux kernel ipx protocol stack.

A double free bug was discovered in the IPv4 stack of the Linux kernel.

An IPv6 out-of-bounds read error in the Linux kernel’s IPv6 stack.

A flaw in the handling of inheritance in the Linux kernel’s IPv6 stack.

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.

It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance.

It was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten.

An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)

A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)

An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. (CVE-2017-9075)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9076)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)

A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242)

Refer to Ubuntu advisory USN-3331-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3331-1: 16.04 (Xenial) on src (linux-image-4.4.0-1020-aws)

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap.

It was discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments.

A reference count bug was discovered in the Linux kernel ipx protocol stack.

A double free bug was discovered in the IPv4 stack of the Linux kernel.

An IPv6 out-of-bounds read error in the Linux kernel’s IPv6 stack.

A flaw in the handling of inheritance in the Linux kernel’s IPv6 stack.

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.

It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance.

It was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten.

An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)

A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)

An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. (CVE-2017-9075)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9076)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)

A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242)

Refer to Ubuntu advisory USN-3332-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3332-1: 16.04 (Xenial) on src (linux-image-4.4.0-1059-raspi2)

USN-3332-1: 16.04 (Xenial) on src (linux-image-raspi2)

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel.

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap.

It was discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments.

It was discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows.

A double free bug was discovered in the IPv4 stack of the Linux kernel.

An IPv6 out-of-bounds read error in the Linux kernel’s IPv6 stack.

A flaw in the handling of inheritance in the Linux kernel’s IPv6 stack.

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.

It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance.

It was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten.

A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)

An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)

A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577)

An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. (CVE-2017-9075)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9076)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)

A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242)

Refer to Ubuntu advisory USN-3333-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3333-1: 16.04 (Xenial) on src (linux-image-virtual-hwe-16.04)

USN-3333-1: 16.04 (Xenial) on src (linux-image-4.8.0-56-lowlatency)

USN-3333-1: 16.04 (Xenial) on src (linux-image-4.8.0-56-powerpc-smp)

USN-3333-1: 16.04 (Xenial) on src (linux-image-4.8.0-56-powerpc64-emb)

USN-3333-1: 16.04 (Xenial) on src (linux-image-4.8.0-56-generic-lpae)

USN-3333-1: 16.04 (Xenial) on src (linux-image-4.8.0-56-generic)

USN-3333-1: 16.04 (Xenial) on src (linux-image-generic-hwe-16.04)

USN-3333-1: 16.04 (Xenial) on src (linux-image-lowlatency-hwe-16.04)

USN-3333-1: 16.04 (Xenial) on src (linux-image-4.8.0-56-powerpc-e500mc)

USN-3333-1: 16.04 (Xenial) on src (linux-image-generic-lpae-hwe-16.04)

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap.

It was discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments.

A reference count bug was discovered in the Linux kernel ipx protocol stack.

A double free bug was discovered in the IPv4 stack of the Linux kernel.

An IPv6 out-of-bounds read error in the Linux kernel’s IPv6 stack.

A flaw in the handling of inheritance in the Linux kernel’s IPv6 stack.

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.

It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance.

It was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten.

An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)

A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)

An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. (CVE-2017-9075)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9076)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)

A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242)

Refer to Ubuntu advisory USN-3334-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3334-1: 14.04 (Kylin) on src (linux-image-4.4.0-81-powerpc64-emb)

USN-3334-1: 14.04 (Kylin) on src (linux-image-4.4.0-81-powerpc-smp)

USN-3334-1: 14.04 (Kylin) on src (linux-image-powerpc-e500mc-lts-xenial)

USN-3334-1: 14.04 (Kylin) on src (linux-image-powerpc-smp-lts-xenial)

USN-3334-1: 14.04 (Kylin) on src (linux-image-4.4.0-81-lowlatency)

USN-3334-1: 14.04 (Kylin) on src (linux-image-4.4.0-81-powerpc64-smp)

USN-3334-1: 14.04 (Kylin) on src (linux-image-4.4.0-81-generic-lpae)

USN-3334-1: 14.04 (Kylin) on src (linux-image-4.4.0-81-generic)

USN-3334-1: 14.04 (Kylin) on src (linux-image-powerpc64-smp-lts-xenial)

USN-3334-1: 14.04 (Kylin) on src (linux-image-generic-lts-xenial)

USN-3334-1: 14.04 (Kylin) on src (linux-image-powerpc64-emb-lts-xenial)

USN-3334-1: 14.04 (Kylin) on src (linux-image-generic-lpae-lts-xenial)

USN-3334-1: 14.04 (Kylin) on src (linux-image-4.4.0-81-powerpc-e500mc)

USN-3334-1: 14.04 (Kylin) on src (linux-image-lowlatency-lts-xenial)

USN-3334-1: 14.04 (Kylin) on src (linux-image-virtual-lts-xenial)

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap.

It was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel.

It was discovered that a buffer overflow existed in the trace subsystem in the Linux kernel.

It was discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments.

An integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel.

A double free bug was discovered in the IPv4 stack of the Linux kernel.

An IPv6 out-of-bounds read error in the Linux kernel’s IPv6 stack.

A flaw in the handling of inheritance in the Linux kernel’s IPv6 stack.

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.

It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance.

It was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten.

An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)

A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-9940)

A privileged local attacker could use this to execute arbitrary code. (CVE-2017-0605)

A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7294)

An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. (CVE-2017-9075)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9076)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)

A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242)

Refer to Ubuntu advisory USN-3335-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3335-1: 14.04 (Kylin) on src (linux-image-powerpc64-emb)

USN-3335-1: 14.04 (Kylin) on src (linux-image-powerpc-e500)

USN-3335-1: 14.04 (Kylin) on src (linux-image-generic-lpae-lts-saucy)

USN-3335-1: 14.04 (Kylin) on src (linux-image-3.13.0-121-powerpc-smp)

USN-3335-1: 14.04 (Kylin) on src (linux-image-powerpc-e500mc)

USN-3335-1: 14.04 (Kylin) on src (linux-image-generic-pae)

USN-3335-1: 14.04 (Kylin) on src (linux-image-3.13.0-121-powerpc64-emb)

USN-3335-1: 14.04 (Kylin) on src (linux-image-lowlatency)

USN-3335-1: 14.04 (Kylin) on src (linux-image-3.13.0-121-powerpc-e500mc)

USN-3335-1: 14.04 (Kylin) on src (linux-image-lowlatency-pae)

USN-3335-1: 14.04 (Kylin) on src (linux-image-generic-lpae-lts-trusty)

USN-3335-1: 14.04 (Kylin) on src (linux-image-omap)

USN-3335-1: 14.04 (Kylin) on src (linux-image-3.13.0-121-lowlatency)

USN-3335-1: 14.04 (Kylin) on src (linux-image-3.13.0-121-generic-lpae)

USN-3335-1: 14.04 (Kylin) on src (linux-image-3.13.0-121-generic)

USN-3335-1: 14.04 (Kylin) on src (linux-image-generic-lts-quantal)

USN-3335-1: 14.04 (Kylin) on src (linux-image-generic-lts-trusty)

USN-3335-1: 14.04 (Kylin) on src (linux-image-powerpc-smp)

USN-3335-1: 14.04 (Kylin) on src (linux-image-generic-lts-raring)

USN-3335-1: 14.04 (Kylin) on src (linux-image-generic)

USN-3335-1: 14.04 (Kylin) on src (linux-image-powerpc64-smp)

USN-3335-1: 14.04 (Kylin) on src (linux-image-3.13.0-121-powerpc64-smp)

USN-3335-1: 14.04 (Kylin) on src (linux-image-highbank)

USN-3335-1: 14.04 (Kylin) on src (linux-image-3.13.0-121-powerpc-e500)

USN-3335-1: 14.04 (Kylin) on src (linux-image-generic-lpae)

USN-3335-1: 14.04 (Kylin) on src (linux-image-generic-lts-saucy)

USN-3335-1: 14.04 (Kylin) on src (linux-image-virtual)

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap.

It was discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments.

A reference count bug was discovered in the Linux kernel ipx protocol stack.

A double free bug was discovered in the IPv4 stack of the Linux kernel.

An IPv6 out-of-bounds read error in the Linux kernel’s IPv6 stack.

A flaw in the handling of inheritance in the Linux kernel’s IPv6 stack.

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.

It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance.

It was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten.

An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)

A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)

An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. (CVE-2017-9075)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9076)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)

A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242)

Refer to Ubuntu advisory USN-3328-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc64-emb)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc64-emb-lts-xenial)

USN-3328-1: 16.04 (Xenial) on src (linux-image-lowlatency-lts-xenial)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc-smp-lts-xenial)

USN-3328-1: 16.04 (Xenial) on src (linux-image-4.4.0-81-powerpc64-emb)

USN-3328-1: 16.04 (Xenial) on src (linux-image-lowlatency-lts-vivid)

USN-3328-1: 16.04 (Xenial) on src (linux-image-lowlatency-lts-utopic)

USN-3328-1: 16.04 (Xenial) on src (linux-image-4.4.0-81-powerpc-smp)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc-smp-lts-utopic)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc-smp-lts-vivid)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc64-smp-lts-vivid)

USN-3328-1: 16.04 (Xenial) on src (linux-image-virtual-lts-xenial)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc-e500mc-lts-vivid)

USN-3328-1: 16.04 (Xenial) on src (linux-image-4.4.0-81-powerpc64-smp)

USN-3328-1: 16.04 (Xenial) on src (linux-image-lowlatency-lts-wily)

USN-3328-1: 16.04 (Xenial) on src (linux-image-generic-lpae-lts-utopic)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc64-smp-lts-wily)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc-smp)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc64-smp-lts-xenial)

USN-3328-1: 16.04 (Xenial) on src (linux-image-generic-lts-wily)

USN-3328-1: 16.04 (Xenial) on src (linux-image-virtual-lts-utopic)

USN-3328-1: 16.04 (Xenial) on src (linux-image-generic-lts-utopic)

USN-3328-1: 16.04 (Xenial) on src (linux-image-generic-lpae)

USN-3328-1: 16.04 (Xenial) on src (linux-image-generic-lts-vivid)

USN-3328-1: 16.04 (Xenial) on src (linux-image-generic-lpae-lts-wily)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc-e500mc-lts-utopic)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc-e500mc-lts-wily)

USN-3328-1: 16.04 (Xenial) on src (linux-image-generic)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc-e500mc)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc64-emb-lts-vivid)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc64-emb-lts-utopic)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc-smp-lts-wily)

USN-3328-1: 16.04 (Xenial) on src (linux-image-4.4.0-81-lowlatency)

USN-3328-1: 16.04 (Xenial) on src (linux-image-virtual-lts-wily)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc-e500mc-lts-xenial)

USN-3328-1: 16.04 (Xenial) on src (linux-image-4.4.0-81-powerpc-e500mc)

USN-3328-1: 16.04 (Xenial) on src (linux-image-generic-lpae-lts-vivid)

USN-3328-1: 16.04 (Xenial) on src (linux-image-4.4.0-81-generic-lpae)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc64-emb-lts-wily)

USN-3328-1: 16.04 (Xenial) on src (linux-image-virtual)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc64-smp-lts-utopic)

USN-3328-1: 16.04 (Xenial) on src (linux-image-generic-lts-xenial)

USN-3328-1: 16.04 (Xenial) on src (linux-image-generic-lpae-lts-xenial)

USN-3328-1: 16.04 (Xenial) on src (linux-image-4.4.0-81-generic)

USN-3328-1: 16.04 (Xenial) on src (linux-image-virtual-lts-vivid)

USN-3328-1: 16.04 (Xenial) on src (linux-image-lowlatency)

USN-3328-1: 16.04 (Xenial) on src (linux-image-powerpc64-smp)

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel.

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap.

It was discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments.

It was discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows.

A double free bug was discovered in the IPv4 stack of the Linux kernel.

An IPv6 out-of-bounds read error in the Linux kernel’s IPv6 stack.

A flaw in the handling of inheritance in the Linux kernel’s IPv6 stack.

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.

It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance.

It was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten.

A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)

An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)

A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577)

An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. (CVE-2017-9075)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9076)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)

A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242)

Refer to Ubuntu advisory USN-3327-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3327-1: 16.10 (Yakkety) on src (linux-image-4.8.0-1040-raspi2)

USN-3327-1: 16.10 (Yakkety) on src (linux-image-raspi2)

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel.

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap.

It was discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments.

It was discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows.

A double free bug was discovered in the IPv4 stack of the Linux kernel.

An IPv6 out-of-bounds read error in the Linux kernel’s IPv6 stack.

A flaw in the handling of inheritance in the Linux kernel’s IPv6 stack.

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.

It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance.

It was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten.

A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)

An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)

A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577)

An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. (CVE-2017-9075)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9076)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)

A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242)

Refer to Ubuntu advisory USN-3326-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3326-1: 16.10 (Yakkety) on src (linux-image-4.8.0-56-lowlatency)

USN-3326-1: 16.10 (Yakkety) on src (linux-image-4.8.0-56-powerpc64-emb)

USN-3326-1: 16.10 (Yakkety) on src (linux-image-4.8.0-56-powerpc-smp)

USN-3326-1: 16.10 (Yakkety) on src (linux-image-powerpc-smp)

USN-3326-1: 16.10 (Yakkety) on src (linux-image-powerpc64-emb)

USN-3326-1: 16.10 (Yakkety) on src (linux-image-generic)

USN-3326-1: 16.10 (Yakkety) on src (linux-image-4.8.0-56-generic-lpae)

USN-3326-1: 16.10 (Yakkety) on src (linux-image-4.8.0-56-generic)

USN-3326-1: 16.10 (Yakkety) on src (linux-image-virtual)

USN-3326-1: 16.10 (Yakkety) on src (linux-image-lowlatency)

USN-3326-1: 16.10 (Yakkety) on src (linux-image-powerpc64-smp)

USN-3326-1: 16.10 (Yakkety) on src (linux-image-generic-lpae)

USN-3326-1: 16.10 (Yakkety) on src (linux-image-powerpc-e500mc)

USN-3326-1: 16.10 (Yakkety) on src (linux-image-4.8.0-56-powerpc-e500mc)

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap.

It was discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments.

A double free bug was discovered in the IPv4 stack of the Linux kernel.

An IPv6 out-of-bounds read error in the Linux kernel’s IPv6 stack.

A flaw in the handling of inheritance in the Linux kernel’s IPv6 stack.

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.

It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance.

It was discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function.

It was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten.

An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)

A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. (CVE-2017-9075)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9076)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)

A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)

A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242)

Refer to Ubuntu advisory USN-3324-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3324-1: 17.04 (zesty) on src (linux-image-4.10.0-24-lowlatency)

USN-3324-1: 17.04 (zesty) on src (linux-image-lowlatency)

USN-3324-1: 17.04 (zesty) on src (linux-image-generic-lpae)

USN-3324-1: 17.04 (zesty) on src (linux-image-virtual)

USN-3324-1: 17.04 (zesty) on src (linux-image-powerpc-e500mc)

USN-3324-1: 17.04 (zesty) on src (linux-image-4.10.0-24-generic-lpae)

USN-3324-1: 17.04 (zesty) on src (linux-image-4.10.0-24-generic)

USN-3324-1: 17.04 (zesty) on src (linux-image-powerpc64-emb)

USN-3324-1: 17.04 (zesty) on src (linux-image-powerpc-smp)

USN-3324-1: 17.04 (zesty) on src (linux-image-generic)

USN-3324-1: 17.04 (zesty) on src (linux-image-powerpc64-smp)

SUSE has released security update for libgcrypt to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP2

This vulnerability could be exploited to gain partial access to sensitive information.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:1608-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:1608-1: SUSE Enterprise Linux

SUSE has released security update for mercurial to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP2

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:1606-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:1606-1: SUSE Enterprise Linux

SUSE has released security update for netpbm to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP2

This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:1603-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:1603-1: SUSE Enterprise Linux

SUSE has released security update for graphicsmagick to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:1600-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:1600-1: SUSE Enterprise Linux

SUSE has released security update for imagemagick to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:1599-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:1599-1: SUSE Enterprise Linux

CentOS has released security update for firefox to fix the vulnerabilities.

Affected Products:

centos 6
centos 7

Successful exploitation allows attacker to compromise the system.

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 6 andcentos 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

CESA-2017:1440: centos 6

CESA-2017:1440: centos 7

CentOS has released security update for qemu-kvm to fix the vulnerabilities.

Affected Products:

centos 7

This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

CESA-2017:1430: centos 7

SUSE has released security update for postgresql93 to fix the vulnerabilities.

Affected Products:
openSUSE Leap 42.2

This vulnerability could be exploited to gain partial access to sensitive information.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory openSUSE-SU-2017:1495-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

openSUSE-SU-2017:1495-1: OpenSuse

SUSE has released security update for libupnp to fix the vulnerabilities.

Affected Products:
openSUSE Leap 42.2

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory openSUSE-SU-2017:1485-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

openSUSE-SU-2017:1485-1: OpenSuse

SUSE has released security update for mariadb to fix the vulnerabilities.

Affected Products:
openSUSE Leap 42.2

This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory openSUSE-SU-2017:1475-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

openSUSE-SU-2017:1475-1: OpenSuse

SUSE has released security update for the linux kernel to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:1628-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:1628-1: SUSE Enterprise Linux

SUSE has released security update for sudo to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP2

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:1626-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:1626-1: SUSE Enterprise Linux

SUSE has released security update for openvpn to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP2

This vulnerability could be exploited to gain partial access to sensitive information.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:1622-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:1622-1: SUSE Enterprise Linux