在2017年2月份至2017年3月份Red hat CVE漏洞库发布了3个“重要”等级的安全漏洞,针对出现的安全漏洞,发布了对应的Bugzilla。安全公告每月更新一次,旨在查找解决严重的漏洞问题。
2017年3月新的安全漏洞
以下是所有安全漏洞的内容,供您参考。
CVE名称 | 等级 | 影响组件 | 发布时间 |
|---|---|---|---|
CVE-2017-2636 | Important | kernel、kernel-rt | 2017/3/7 |
CVE-2016-9603 | Important | xen、kvm、qemu-kvm、qemu-kvm-rhev | 2017/3/14 |
CVE-2017-2647 | Important | kernel、kernel-rt | 2017/3/21 |
关于这些新发布的所有安全漏洞,可在以下页面中找到详细信息:
https://access.redhat.com/security/cve/
备注:需使用您的Red Hat账号登录,方可查看全部安全漏洞详细信息。
安全漏洞详细信息
公告标识 CVE-2017-2636 | |
|---|---|
标题 | CVE-2017-2636 |
描述 | A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. |
Find out more about CVE-2017-2636 from the MITRE CVE dictionary dictionary and NIST NVD. | |
最高严重等级 | Important |
漏洞的影响 | Red Hat Enterprise Linux 5(kernel) |
Red Hat Enterprise Linux 6(kernel) | |
Red Hat Enterprise Linux 7(kernel) | |
Red Hat Enterprise Linux 7(kernel-rt) | |
Bugzilla | 1428319: CVE-2017-2636 kernel: Race condition access to n_hdlc.tbuf causes double free in n_hdlc_release() |
详细信息 | https://access.redhat.com/security/cve/cve-2017-2636 |
公告标识 CVE-2016-9603 | |
标题 | CVE-2016-9603 |
描述 | Quick Emulator (QEMU), built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support, is vulnerable to a heap buffer overflow issue. The issue could occur when a VNC client attempts to update its display after a VGA operation is performed by a guest. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or, potentially, leverage it to execute arbitrary code on the host with privileges of the QEMU process. |
Find out more about CVE-2016-9603 from the MITRE CVE dictionary dictionary and NIST NVD. | |
最高严重等级 | Important |
漏洞的影响 | Red Hat Enterprise Linux 7 (qemu-kvm-rhev) |
Red Hat Enterprise Linux 7 (qemu-kvm) | |
Red Hat Enterprise Linux 6 (qemu-kvm) | |
Red Hat Enterprise Linux 5 (kvm) | |
Red Hat Enterprise Linux 5 (xen) | |
Bugzilla | 1430056: CVE-2016-9603 Qemu: cirrus: heap buffer overflow via vnc connection |
详细信息 | https://access.redhat.com/security/cve/cve-2016-9603 |
公告标识 CVE-2017-2647 | |
标题 | CVE-2017-2647 |
描述 | A null pointer dereference vulnerability was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL by unprivileged local user was found. It is possible that an attacker could crash the system or escalate privileges using this vulnerability. |
Find out more about CVE-2017-2647 from the MITRE CVE dictionary dictionary and NIST NVD. | |
最高严重等级 | Important |
漏洞的影响 | Red Hat Enterprise Linux 5(kernel) |
Red Hat Enterprise Linux 6(kernel) | |
Red Hat Enterprise Linux 7(kernel) | |
Red Hat Enterprise Linux 7(kernel-rt) | |
Bugzilla | 1428353: CVE-2017-2647 kernel: Null pointer dereference in search_keyring |
详细信息 | https://access.redhat.com/security/cve/cve-2017-2647 |
注意和免责声明
关于信息的一致性:
如果Redhat CVE漏洞库网站上的安全公告内容和本文中的内容不一致,请以网站上的安全公告内容为准。
