Between November 2016 and December 2016 the Red Hat CVE database published six vulnerabilities at the Important or Critical severity levels (all six listed here are rated Important), and a corresponding Bugzilla entry was opened for each. This bulletin is updated monthly and is intended to identify and track serious vulnerabilities so they can be resolved.
New security vulnerabilities, December 2016
The following lists all of these vulnerabilities for reference.
CVE | Severity | Affected components | Published
---|---|---|---
CVE-2016-1248 | Important | vim | 2016/11/20
CVE-2016-8735 | Important | tomcat, tomcat5, tomcat6 | 2016/11/22
CVE-2016-8655 | Important | kernel-rt, kernel | 2016/12/6
CVE-2016-9637 | Important | qemu-kvm, kvm, xen | 2016/12/6
CVE-2016-9919 | Important | kernel-rt, kernel | 2016/12/8
CVE-2015-8967 | Important | kernel-rt, kernel | 2016/12/8
Detailed information on all of these newly published vulnerabilities is available at:
https://access.redhat.com/security/cve/
Note: you must log in with your Red Hat account to view the full details of every vulnerability.
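A practical follow-up to the table is to confirm on each host whether the installed package already carries the fix. On RHEL the package changelog (`rpm -q --changelog <pkg>`) names the CVEs a release fixes, so the newest entry mentioning the CVE identifies the version that carries it. The Python script below is an added example, not Red Hat tooling and not part of the original bulletin: it parses that changelog text for both header styles Red Hat uses (`- <version>` for most packages, `[<version>]` for the kernel). The changelog samples are constructed for the demonstration, and the package names in `AFFECTED` are assumptions derived from the component column; the binary package names on a given host may differ (for example `vim-enhanced` versus `vim-minimal`).

```python
"""Look up CVE fixes in RPM changelogs (added example, not Red Hat tooling)."""
import re
import shutil
import subprocess
from typing import Dict, List, Optional

# CVE -> candidate package names, derived from the bulletin's component column.
# The names are assumptions; adjust them to what `rpm -qa` reports on the host.
AFFECTED: Dict[str, List[str]] = {
    "CVE-2016-1248": ["vim-minimal", "vim-enhanced"],
    "CVE-2016-8735": ["tomcat", "tomcat6", "tomcat5"],
    "CVE-2016-8655": ["kernel", "kernel-rt"],
    "CVE-2016-9637": ["qemu-kvm", "qemu-kvm-rhev", "kvm", "xen"],
    "CVE-2016-9919": ["kernel", "kernel-rt"],
    "CVE-2015-8967": ["kernel", "kernel-rt"],
}

# Entry headers look like "* Wed Dec 07 2016 Maintainer <m@example.com> - 7.4.160-1.el7"
# for most packages and "* Thu Dec 08 2016 Maintainer <m@example.com> [3.10.0-514.el7]"
# for the kernel. rpm prints entries newest first.
ENTRY_RE = re.compile(r"^\* .+? (?:- (\S+)|\[([^\]]+)\])$")


def fixed_in(changelog: str, cve: str) -> Optional[str]:
    """Version-release of the newest changelog entry that mentions `cve`,
    or None when no entry mentions it (the fix is absent from this build)."""
    current = None
    for line in changelog.splitlines():
        header = ENTRY_RE.match(line)
        if header:
            current = header.group(1) or header.group(2)
        elif current and cve in line:
            return current
    return None


def installed_changelog(package: str) -> Optional[str]:
    """Changelog of the installed package, or None when the package is not
    installed or rpm is unavailable (e.g. when run on a non-RPM system)."""
    if shutil.which("rpm") is None:
        return None
    proc = subprocess.run(["rpm", "-q", "--changelog", package],
                          capture_output=True, text=True)
    return proc.stdout if proc.returncode == 0 else None


def audit_host(affected: Dict[str, List[str]] = AFFECTED) -> Dict[str, Dict[str, Optional[str]]]:
    """For every installed candidate package, report the entry that fixes the CVE."""
    report: Dict[str, Dict[str, Optional[str]]] = {}
    for cve, packages in affected.items():
        for pkg in packages:
            log = installed_changelog(pkg)
            if log is not None:
                report.setdefault(cve, {})[pkg] = fixed_in(log, cve)
    return report


# Constructed sample changelogs (versions are placeholders, not real package history).
SAMPLE_CHANGELOG = """\
* Wed Dec 07 2016 Example Maintainer <maint@example.com> - 7.4.160-1.el7.example
- validate values of the filetype, syntax and keymap options (CVE-2016-1248)
- Resolves: rhbz#1398227

* Mon Jun 06 2016 Example Maintainer <maint@example.com> - 7.4.160-1.example
- rebase to upstream 7.4.160
"""

SAMPLE_KERNEL_CHANGELOG = """\
* Thu Dec 08 2016 Example Maintainer <maint@example.com> [3.10.0-1.example]
- [net] packet: fix race condition in packet_set_ring (CVE-2016-8655)
"""

if __name__ == "__main__":
    print("sample:", fixed_in(SAMPLE_CHANGELOG, "CVE-2016-1248"))  # 7.4.160-1.el7.example
    for cve, pkgs in audit_host().items():
        for pkg, version in pkgs.items():
            state = f"fixed in {version}" if version else "NO FIX RECORDED"
            print(f"{cve} {pkg}: {state}")
```

Run it as root or as any user on the host; `audit_host()` only reports packages that are actually installed, and a `NO FIX RECORDED` line means the installed build predates the erratum for that CVE. A changelog mention is strong evidence but not proof of the binary in memory: a fixed kernel still needs a reboot, and a fixed vim or tomcat package needs the running processes restarted.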
Vulnerability details
Advisory | CVE-2016-1248
---|---
Description | A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with the privileges of the user running vim.
Reference | Find out more about CVE-2016-1248 from the MITRE CVE dictionary and NIST NVD.
Highest severity | Important
Affected products | Red Hat Enterprise Linux 5 (vim); Red Hat Enterprise Linux 6 (vim); Red Hat Enterprise Linux 7 (vim)
Bugzilla | 1398227: CVE-2016-1248 vim: Lack of validation of values for few options results in code execution
Details | https://access.redhat.com/security/cve/cve-2016-1248
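Vim reads modelines from the first and last five lines of a file by default (the 'modelines' option), which is how a file from an untrusted source reaches the option handling described above; upstream's fix (vim patch 8.0.0056) restricts the values of 'filetype', 'syntax' and 'keymap' to alphanumerics plus `-`, `_` and `.`. The Python scanner below is an added example, not part of the bulletin or of vim: it approximates vim's modeline search and flags assignments to those three options (and their short forms) whose values fall outside that character set, as a triage aid for files received from outside while unpatched editors remain. Its modeline regex is an approximation of vim's two documented forms, and all sample inputs are constructed.

```python
"""Flag risky vim modelines in untrusted files (added example, not vim code)."""
import re
import sys
from typing import List, Tuple

MODELINES = 5  # vim's default 'modelines': lines checked at the top and the bottom

# Approximation of vim's two modeline forms:
#   [text ]vi:|vim:|ex: {options}          options separated by whitespace or ':'
#   [text ]vi:|vim:|ex: se[t] {options}:   option list ends at the next ':'
# The keyword must start the line or follow whitespace.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|vim|Vim|ex):\s*(set?\s+)?(.*)$")

# Options whose values vim patch 8.0.0056 restricts (long and short names).
CHECKED = {"filetype", "ft", "syntax", "syn", "keymap", "kmp"}
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_.\-]*$")


def find_modelines(text: str) -> List[Tuple[bool, str]]:
    """Return (is_set_form, option_text) for each modeline inside vim's window."""
    lines = text.splitlines()
    if len(lines) > 2 * MODELINES:
        window = lines[:MODELINES] + lines[-MODELINES:]
    else:
        window = lines
    found = []
    for line in window:
        m = MODELINE_RE.search(line)
        if m:
            found.append((bool(m.group(1)), m.group(2)))
    return found


def parse_options(is_set_form: bool, option_text: str) -> List[Tuple[str, str]]:
    """Split a modeline's option list into (name, value) pairs."""
    if is_set_form:
        # "set" form: the option list ends at the first ':' after "set"
        tokens = option_text.split(":", 1)[0].split()
    else:
        tokens = re.split(r"[\s:]+", option_text)
    pairs = []
    for tok in tokens:
        if tok:
            name, _, value = tok.partition("=")
            pairs.append((name, value))
    return pairs


def suspicious_modelines(text: str) -> List[Tuple[str, str]]:
    """Assignments a vim without the CVE-2016-1248 fix would accept unchecked."""
    findings = []
    for is_set_form, option_text in find_modelines(text):
        for name, value in parse_options(is_set_form, option_text):
            if name in CHECKED and not SAFE_VALUE.match(value):
                findings.append((name, value))
    return findings


# Constructed samples (not real files).
SAMPLE_OK = "# vim: set ts=4 sw=4 ft=python:\nprint('hello')\n"
SAMPLE_FORM1 = "// vi: ts=8:ft=c:sw=4\nint main(void) { return 0; }\n"
SAMPLE_BAD = "line 1\nline 2\nline 3\n/* vim: set ft=../../evil syntax=foo/bar: */\n"
# Modeline on line 7 of 13: outside both 5-line windows, so vim ignores it.
SAMPLE_OUT_OF_WINDOW = "\n".join(["text"] * 6 + ["# vim: ft=../outside"] + ["text"] * 6)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for name, value in suspicious_modelines(fh.read()):
                print(f"{path}: modeline sets {name}={value!r}")
```

Pass the files to inspect as arguments. Anything the scanner reports is worth opening with `vim -u NONE` or with `set nomodeline` in your vimrc until the updated package is in place; the scanner deliberately does not try to reproduce vim's full option parser, so a clean result is not a guarantee.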
Advisory | CVE-2016-8735
---|---
Description | At the time of this bulletin the MITRE CVE dictionary entry was still reserved: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
Reference | Find out more about CVE-2016-8735 from the MITRE CVE dictionary and NIST NVD.
Highest severity | Important
Affected products | Red Hat Enterprise Linux 7 (tomcat); Red Hat Enterprise Linux 5 (tomcat5); Red Hat Enterprise Linux 6 (tomcat6)
Bugzilla | 1397485: CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener
Details | https://access.redhat.com/security/cve/cve-2016-8735
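The Bugzilla summary ties this CVE to JmxRemoteLifecycleListener, which a stock Tomcat server.xml does not configure: it is only present where an administrator added a `<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" .../>` to pin the RMI ports used for remote JMX. The check below is an added example rather than anything from the bulletin or the Tomcat project: it parses a server.xml and reports every such listener with its configured ports and bind address, so exposure can be confirmed (and the ports restricted at the firewall) while the update is scheduled. The two server.xml fragments are constructed.

```python
"""Find JmxRemoteLifecycleListener entries in a Tomcat server.xml.
Added example; not part of the bulletin or of Apache Tomcat."""
import sys
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

JMX_LISTENER = "org.apache.catalina.mbeans.JmxRemoteLifecycleListener"


def jmx_listeners(server_xml: str) -> List[Dict[str, Optional[str]]]:
    """One record per JmxRemoteLifecycleListener found in server.xml.

    bind_address is None when rmiBindAddress is absent, in which case the
    listener's RMI registry and server bind to all interfaces.
    """
    root = ET.fromstring(server_xml)
    found = []
    for listener in root.iter("Listener"):
        if listener.get("className") != JMX_LISTENER:
            continue
        found.append({
            "registry_port": listener.get("rmiRegistryPortPlatform"),
            "server_port": listener.get("rmiServerPortPlatform"),
            "bind_address": listener.get("rmiBindAddress"),
        })
    return found


def describe(server_xml: str) -> str:
    """Human-readable verdict for one server.xml."""
    records = jmx_listeners(server_xml)
    if not records:
        return "no JmxRemoteLifecycleListener configured"
    parts = []
    for r in records:
        bind = r["bind_address"] or "all interfaces"
        parts.append(f"JMX RMI registry port {r['registry_port']}, "
                     f"server port {r['server_port']}, bound to {bind}")
    return "; ".join(parts)


# Constructed server.xml fragments (not from a real deployment).
SERVER_XML_EXPOSED = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
  <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
            rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002"/>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
  </Service>
</Server>
"""

SERVER_XML_CLEAN = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
  </Service>
</Server>
"""

if __name__ == "__main__":
    paths = sys.argv[1:]
    if not paths:
        print("exposed sample:", describe(SERVER_XML_EXPOSED))
        print("clean sample:  ", describe(SERVER_XML_CLEAN))
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            print(f"{path}: {describe(fh.read())}")
```

Point it at `/etc/tomcat/server.xml` (RHEL 7) or `/etc/tomcat6/server.xml` (RHEL 6). A clean result means the vulnerable component is not reachable on that instance; a hit means the listed ports should be unreachable from untrusted networks until the erratum is applied, and the JMX credentials in use should be reviewed.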
Advisory | CVE-2016-8655
---|---
Description | A race condition leading to a use-after-free flaw was found in the way the raw packet socket implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (which requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.
Reference | Find out more about CVE-2016-8655 from the MITRE CVE dictionary and NIST NVD.
Highest severity | Important
Affected products | Red Hat Enterprise Linux 7 (kernel-rt); Red Hat Enterprise Linux 7 (kernel); Red Hat Enterprise Linux 6 (kernel); Red Hat Enterprise Linux 5 (kernel)
Bugzilla | 1400019: CVE-2016-8655 kernel: Race condition in packet_set_ring leads to use after free
Details | https://access.redhat.com/security/cve/cve-2016-8655
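The precondition in the description is CAP_NET_RAW, so the first question on a host waiting for the kernel update is which non-root processes hold that capability. The Python helper below is an added example, not part of the bulletin, the kernel or Red Hat's tooling: it decodes the `CapEff` bitmask from `/proc/<pid>/status` (CAP_NET_RAW is bit 13, per linux/capability.h) and lists running processes whose effective set includes it. It also reports the `user.max_user_namespaces` sysctl where the kernel provides it, because on kernels that allow unprivileged user namespaces an ordinary user can obtain CAP_NET_RAW inside a namespace of their own, so the per-process view alone is not the whole exposure. The status-file excerpt is constructed.

```python
"""Which processes hold CAP_NET_RAW? (added example, not kernel or Red Hat code)"""
import os
import re
from typing import Dict, List, Optional, Set

# Capability bit numbers as defined in linux/capability.h (index == bit).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ",
]


def decode_caps(mask_hex: str) -> Set[str]:
    """Translate a Cap* hex mask from /proc/<pid>/status into capability names."""
    mask = int(mask_hex, 16)
    return {name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1}


def parse_status(status_text: str) -> Dict[str, object]:
    """Extract name, real uid and effective capability set from a status file."""
    def field(key: str) -> str:
        m = re.search(rf"^{key}:\s*(.+?)\s*$", status_text, re.M)
        if not m:
            raise ValueError(f"{key} missing from status text")
        return m.group(1)
    return {
        "name": field("Name"),
        "uid": int(field("Uid").split()[0]),       # real uid is the first column
        "caps": decode_caps(field("CapEff").split()[0]),
    }


def can_open_packet_socket(status_text: str) -> bool:
    """True when the process's effective set includes CAP_NET_RAW."""
    return "CAP_NET_RAW" in parse_status(status_text)["caps"]


def unprivileged_net_raw_holders(proc_root: str = "/proc") -> List[Dict[str, object]]:
    """Non-root processes whose effective set includes CAP_NET_RAW."""
    holders: List[Dict[str, object]] = []
    if not os.path.isdir(proc_root):
        return holders
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                info = parse_status(fh.read())
        except (OSError, ValueError):
            continue  # process exited, or its status file is unreadable
        if info["uid"] != 0 and "CAP_NET_RAW" in info["caps"]:
            info["pid"] = int(entry)
            holders.append(info)
    return holders


def max_user_namespaces() -> Optional[int]:
    """Value of user.max_user_namespaces, or None if this kernel lacks the sysctl."""
    try:
        with open("/proc/sys/user/max_user_namespaces") as fh:
            return int(fh.read().strip())
    except OSError:
        return None


# Constructed /proc/<pid>/status excerpt (not captured from a real host).
SAMPLE_STATUS = "Name:\tcapture-agent\nUid:\t1001\t1001\t1001\t1001\nCapEff:\t0000000000002000\n"

if __name__ == "__main__":
    print("sample process can open packet sockets:", can_open_packet_socket(SAMPLE_STATUS))
    for h in unprivileged_net_raw_holders():
        print(f"pid {h['pid']} {h['name']} uid {h['uid']} holds CAP_NET_RAW")
    print("user.max_user_namespaces:", max_user_namespaces())
```

Run it as root so every status file is readable. Processes it lists (typically capture or monitoring agents started with file capabilities or ambient capabilities) are the accounts that meet the description's precondition without a user namespace; a non-None, non-zero `user.max_user_namespaces` value means every local user meets it, and the kernel update should be prioritised accordingly.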
Advisory | CVE-2016-9637
---|---
Description | An out-of-bounds array access issue was found in the Xen virtual machine monitor when built with QEMU ioport support. It could occur during ioport read/write operations if a guest supplied a 32-bit address parameter. A privileged guest user/process could use this flaw to potentially escalate their privileges on the host.
Reference | Find out more about CVE-2016-9637 from the MITRE CVE dictionary and NIST NVD.
Highest severity | Important
Affected products | Red Hat Enterprise Linux 7 (qemu-kvm-rhev); Red Hat Enterprise Linux 7 (qemu-kvm); Red Hat Enterprise Linux 6 (qemu-kvm); Red Hat Enterprise Linux 5 (kvm); Red Hat Enterprise Linux 5 (xen)
Bugzilla | 1397043: CVE-2016-9637 XSA199 Xen: qemu ioport out-of-bounds array access (XSA-199)
Details | https://access.redhat.com/security/cve/cve-2016-9637
Advisory | CVE-2016-9919
---|---
Description | The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet.
Reference | Find out more about CVE-2016-9919 from the MITRE CVE dictionary and NIST NVD.
Highest severity | Important
Affected products | Red Hat Enterprise Linux 7 (kernel-rt); Red Hat Enterprise Linux 7 (kernel); Red Hat Enterprise Linux 6 (kernel); Red Hat Enterprise Linux 5 (kernel)
Bugzilla | 1403260: CVE-2016-9919 kernel: Linux panic on fragmented IPv6 traffic (icmp6_send)
Details | https://access.redhat.com/security/cve/cve-2016-9919
Advisory | CVE-2015-8967
---|---
Description | The MITRE CVE dictionary describes this issue as: arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.
Reference | Find out more about CVE-2015-8967 from the MITRE CVE dictionary and NIST NVD.
Highest severity | Important
Affected products | Red Hat Enterprise Linux 7 (kernel-rt); Red Hat Enterprise Linux 7 (kernel); Red Hat Enterprise Linux 6 (kernel); Red Hat Enterprise Linux 5 (kernel)
Bugzilla | 1404284: CVE-2015-8967 kernel: Strict page permission bypass
Details | https://access.redhat.com/security/cve/cve-2015-8967
Notice and disclaimer
Consistency of information:
If the content of a security advisory on the Red Hat CVE database website differs from the content of this document, the advisory on the website takes precedence.