en

Sicherheitsupdates von systemd und dem Linux-Kernel.

Information zur Verwundbarkeit

CVE-2017-12134—Sicherheitsupdates

Details aus der Security-Datenbank:

The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.

CVE-2017-12153—Sicherheitsupdates

Details aus der Security-Datenbank:
A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer deference and system crash.

CVE-2017-12154—SicherheitsupdatesDetails aus der Security-Datenbank:
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

CVE-2017-14051—Sicherheitsupdates Details aus der Security-Datenbank:
An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.

CVE-2017-14140
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.

CVE-2017-14156
The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes.

CVE-2017-14489
The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.

CVE-2017-14497

Details aus der Security-Datenbank:
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls.

CVE-2017-1000251

Details aus der Security-Datenbank:
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 3.3-rc1 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

CVE-2017-1000252

Details aus der Security-Datenbank:
ungültige Ticket-Nummer, kein Eintrag gefunden

Status der Problemlösungen

Wir empfehlen Ihnen ein umgehendes Systemupgrade um die aktuellen Patches zum Schließen der Sicherheitslücken zu erhalten.

en_s

One Comment

Schreibe einen Kommentar