Ubuntu Security Notice 3343-2 - USN 3343-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. USN 3335-2 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Various other issues were also addressed.
d771472809a932be46f79c1409e1dd9dUbuntu Security Notice 3338-2 - USN-3338-1 fixed vulnerabilities in the Linux kernel. However, the fix for CVE-2017-1000364 introduced regressions for some Java applications. This update addresses the issue. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Various other issues were also addressed.
324fdc6eb4d3403b6a4941ed04dd334fRed Hat Security Advisory 2017-1615-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list->frag_list) in the socket buffer. The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A remote user or process could use this flaw to potentially escalate their privilege on a system.
9cfe18ce0b936ec4aede687d0c578c6bRed Hat Security Advisory 2017-1616-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
7931eb75308b0094304dfb562742ac60Red Hat Security Advisory 2017-1647-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
41824a6599589efdca21090fad590230Slackware Security Advisory - New kernel packages are available for Slackware 14.2 and -current to fix security issues.
f766e50991a89ab3dca3597c9c697e30It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges.
802d5d0c1e8f0c95c047a7f9331ccb3dLinux kernel versions 4.10.1 and below suffer from a double-fetch vulnerability.
ae616a219ada3d4187b43ded936abd80Ubuntu Security Notice 3338-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.
ff11a345e1bef3a88baf80b2a7e8c7b3Ubuntu Security Notice 3335-2 - USN-3335-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Various other issues were also addressed.
703176c01991d36308a0995357ad662bThe Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation).
b23542b84fc8d61d694be45f97c3e24fThe Microsoft Windows kernel suffers from an ATMFD.DLL out-of-bounds read vulnerability via a malformed Name INDEX in the CFF table.
7c585bfb15ecbd04c869fd0bab3f4c18The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationResourceManager (information class 0).
1c6c0db81091aedab0fc82d1ee665b44The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationTransaction (information class 1).
ea41d592dbc51283e2d7fd14a478737dThe Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationJobObject (information class 28).
12a2f41770434f070786073e16803719The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationJobObject (information class 12).
52f49991622492eff2a2a4681e7b14f5The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiMakeFontDir.
d1085ac2893976f246cd3e4b34861188The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationProcess (ProcessVmCounters).
e0446d1d69749e7ebc54e3c15b6f4e65The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationJobObject (BasicLimitInformation, ExtendedLimitInformation).
a4c5515d4150d3b050b4df9a68ec2fd2The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!ClientPrinterThunk.
127ce0058e06459ddf1b28b0c2e10f92The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in DeviceApi (PiDqIrpQueryGetResult, PiDqIrpQueryCreate, PiDqQueryCompletePendedIrp).
4e4a498ebab54e5dd1890edc3aabd6c7The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiGetRealizationInfo.
97b6a6507483eb9c23829ee30a5bc0fcThe Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiGetTextMetricsW.
0c9e8e1e6901f907ee10e8db7b16df58The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiGetOutlineTextMetricsInternalW.
332be683045638ea7d0e8491efbcc3c7The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiExtGetObjectW.
bc1f54aab9e54f6d87438b0f1cc4fb8d
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed