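From June 2016 to July 2016, the Red Hat CVE database published 7 security vulnerabilities rated "Important", and a corresponding Bugzilla entry was published for each of them. The security bulletin is updated once a month and is intended to identify and resolve serious vulnerabilities.

New security vulnerabilities for July 2016

The contents of all the security bulletins are listed below for your reference.

CVE name | Severity | Affected component | Release date |
---|---|---|---|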
CVE-2016-5320 | Important | libtiff | 2016/6/15 |
CVE-2016-4470 | Important | kernel, kernel-rt | 2016/6/15 |
CVE-2016-4989 | Important | setroubleshoot | 2016/6/21 |
CVE-2016-4446 | Important | setroubleshoot-plugins | 2016/6/21 |
CVE-2016-4444 | Important | setroubleshoot-plugins | 2016/6/21 |
CVE-2016-4997 | Important | kernel, kernel-rt | 2016/6/24 |
CVE-2016-5696 | Important | kernel, kernel-rt | 2016/7/12 |

Detailed information on all of these newly published security vulnerabilities can be found on the following page:
https://access.redhat.com/security/cve/
Note: You must log in with your Red Hat account to view the full details of all security vulnerabilities.

Security vulnerability details

Bulletin ID CVE-2016-5320 | |
---|---|
Title | CVE-2016-5320 |
Description | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Find out more about CVE-2016-5320 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Important |
Affected products | Red Hat Enterprise Linux 7 (libtiff), Red Hat Enterprise Linux 6 (libtiff) |
Bugzilla | 1346687: CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c |
Details | https://access.redhat.com/security/cve/cve-2016-5320 |

Bulletin ID CVE-2016-4470 | |
---|---|
Title | CVE-2016-4470 |
Description | A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. Find out more about CVE-2016-4470 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Important |
Affected products | Red Hat Enterprise Linux 6 (kernel), Red Hat Enterprise Linux 7 (kernel), Red Hat Enterprise Linux 7 (kernel-rt) |
Bugzilla | 1341716: CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path |
Details | https://access.redhat.com/security/cve/cve-2016-4470 |

Bulletin ID CVE-2016-4989 | |
---|---|
Title | CVE-2016-4989 |
Description | Shell command injection flaws were found in the way the setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use these flaws to execute arbitrary code with root privileges. Find out more about CVE-2016-4989 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Important |
Affected products | Red Hat Enterprise Linux 6 (setroubleshoot), Red Hat Enterprise Linux 7 (setroubleshoot) |
Bugzilla | 1346461: CVE-2016-4989 setroubleshoot: command injection issues |
Details | https://access.redhat.com/security/cve/cve-2016-4989 |

Bulletin ID CVE-2016-4446 | |
---|---|
Title | CVE-2016-4446 |
Description | A shell command injection flaw was found in the way the setroubleshoot allow_execstack plugin executed external commands. A local attacker able to trigger an execstack SELinux denial could use this flaw to execute arbitrary code with root privileges. Find out more about CVE-2016-4446 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Important |
Affected products | Red Hat Enterprise Linux 6 (setroubleshoot-plugins), Red Hat Enterprise Linux 7 (setroubleshoot-plugins) |
Bugzilla | 1339250: CVE-2016-4446 setroubleshoot-plugins: insecure commands.getoutput use in the allow_execstack plugin |
Details | https://access.redhat.com/security/cve/cve-2016-4446 |

Bulletin ID CVE-2016-4444 | |
---|---|
Title | CVE-2016-4444 |
Description | A shell command injection flaw was found in the way the setroubleshoot allow_execmod plugin executed external commands. A local attacker able to trigger an execmod SELinux denial could use this flaw to execute arbitrary code with root privileges. Find out more about CVE-2016-4444 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Important |
Affected products | Red Hat Enterprise Linux 6 (setroubleshoot-plugins), Red Hat Enterprise Linux 7 (setroubleshoot-plugins) |
Bugzilla | 1332644: CVE-2016-4444 setroubleshoot-plugins: insecure commands.getstatusoutput use in the allow_execmod plugin |
Details | https://access.redhat.com/security/cve/cve-2016-4444 |

Bulletin ID CVE-2016-4997 | |
---|---|
Title | CVE-2016-4997 |
Description | A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges. Find out more about CVE-2016-4997 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Important |
Affected products | Red Hat Enterprise Linux 6 (kernel), Red Hat Enterprise Linux 7 (kernel), Red Hat Enterprise Linux 7 (kernel-rt) |
Bugzilla | 1349722: CVE-2016-4997 kernel: compat IPT_SO_SET_REPLACE setsockopt |
Details | https://access.redhat.com/security/cve/cve-2016-4997 |

Bulletin ID CVE-2016-5696 | |
---|---|
Title | CVE-2016-5696 |
Description | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Find out more about CVE-2016-5696 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Important |
Affected products | Red Hat Enterprise Linux 6 (kernel), Red Hat Enterprise Linux 7 (kernel), Red Hat Enterprise Linux 7 (kernel-rt) |
Bugzilla | 1354708: CVE-2016-5696 kernel: challenge ACK counter information disclosure. |
Details | https://access.redhat.com/security/cve/cve-2016-5696 |
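
Notes and disclaimer

Regarding the consistency of information:
If the content of a security bulletin on the Red Hat CVE database website differs from the content of this article, the security bulletin on the website takes precedence.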