CVE-2016-4805
https://notcve.org/view.php?id=CVE-2016-4805
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. Vulnerabilidad de uso después de liberación de memoria en drivers/net/ppp/ppp_generic.c en el kernel de Linux en versiones anteriores a 4.5.2 permite a usuarios locales provocar una denegación de servicio (corrupción de memoria y caída de sistema o spinlock) o posiblemente tener otro impacto no especificado eliminando una red namespace, relacionado con las funciones ppp_register_net_channel y ppp_unregister_channel. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://lists.opensuse.org • CWE-416: Use After Free •
CVE-2016-4951
https://notcve.org/view.php?id=CVE-2016-4951
The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. La función tipc_nl_publ_dump en net/tipc/socket.c en el kernel de Linux hasta la versión 4.6 no verifica la existencia del socket, lo que permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) o posiblemente tener otro impacto no especificado a través de una operación dumpit. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45e093ae2830cd1264677d47ff9a95a71f5d9f9c http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.openwall.net/netdev/2016/05/14/28 http://www.openwall.com/lists/oss-security/2016/05/21/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html http://www.ubuntu.com/usn/USN-3016-1 http •
CVE-2016-4581 – kernel: Slave being first propagated copy causes oops in propagate_mnt
https://notcve.org/view.php?id=CVE-2016-4581
fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls. fs/pnode.c en el kernel de Linux en versiones anteriores a 4.5.4 no cruza adecuadamente la propagación del montaje de árbol en un determinado caso implicando un montaje esclavo, lo que permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y OOPS) a través de una serie de llamadas de soporte manipuladas. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ec0811d30378ae104f250bfc9b3640242d81e3f http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://www.debian.org/security/2016/dsa-3607 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4 http://www.openwall.com/lists/oss-security/2016/05/11/2 http://www.oracle.com/ • CWE-476: NULL Pointer Dereference •
CVE-2016-4913 – kernel: Information leak when handling NM entries containing NUL
https://notcve.org/view.php?id=CVE-2016-4913
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. La función get_rock_ridge_filename en fs/isofs/rock.c en el kernel de Linux en versiones anteriores a 4.5.5 no maneja correctamente entradas NM (también conocidas como alternate name) que contienen caracteres \0, lo que permite a usuarios locales obtener información sensible del kernel de memoria o posiblemente tener otro impacto no especificado a través de un sistema de archivo isofs manipulado. A vulnerability was found in the Linux kernel. Payloads of NM entries are not supposed to contain NUL. When such entry is processed, only the part prior to the first NUL goes into the concatenation (i.e. the directory entry name being encoded by a bunch of NM entries). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://www.debian.org/security/2016/dsa-3607 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5 http://www.openwall.com/lists/oss-security/2016/05/18/3 http://www.openwall.com/lists/oss-security/2016/05/18/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-4553 – squid: Cache poisoning issue in HTTP Request handling
https://notcve.org/view.php?id=CVE-2016-4553
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. client_side.cc en Squid en versiones anteriores a 3.5.18 y 4.x en versiones anteriores a 4.0.10 no ignora correctamente la cabecera Host cuando se proporciona una URI absoluta, lo que permite a atacantes remotos llevar a cabo ataques de envenenamiento de caché a través de una petición HTTP. An input validation flaw was found in the way Squid handled intercepted HTTP Request messages. An attacker could use this flaw to bypass the protection against issues related to CVE-2009-0801, and perform cache poisoning attacks on Squid. • http://bugs.squid-cache.org/show_bug.cgi?id=4501 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html http://www.debian.org/security/2016/dsa-3625 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securitytracker.com/id/1035768 http://www.squid-cache.org/Advisories/SQUID-2016_7.txt http& • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •