
Red Hat Security Bulletin: June 2016

嘉为蓝鲸
Published 2018-12-21 10:45:39
Included in the column: 嘉为蓝鲸的专栏

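Between May 2016 and June 2016, the Red Hat CVE database published 5 security vulnerabilities rated "Important" or "Critical", and a corresponding Bugzilla entry was published for each vulnerability. This security bulletin is updated once a month and aims to identify and resolve serious vulnerabilities.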


New security vulnerabilities in June 2016

Because there are too many vulnerabilities to list, only those rated "Critical" or "Important" are listed below for your reference.

| CVE name | Severity | Affected component | Release date |
| --- | --- | --- | --- |
| CVE-2016-0758 | Important | kernel | 2016/5/12 |
| CVE-2016-1834 | Important | libxml2 | 2016/5/23 |
| CVE-2016-0749 | Important | spice-server, spice | 2016/6/6 |
| CVE-2016-2150 | Important | spice-server, spice | 2016/6/6 |
| CVE-2016-1583 | Important | kernel | 2016/6/10 |

Detailed information on all of these newly published security vulnerabilities can be found on the following page:

https://access.redhat.com/security/cve/

Note: You must log in with your Red Hat account to view the full details of all security vulnerabilities.


Security vulnerability details

Advisory ID: CVE-2016-0758

Title: CVE-2016-0758

Description:

A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system.

Find out more about CVE-2016-0758 from the MITRE CVE dictionary and NIST NVD.

Maximum severity rating: Important

Affected products:

Red Hat Enterprise Linux 7 (kernel)

Bugzilla: 1300257: CVE-2016-0758 kernel: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()

Details: https://access.redhat.com/security/cve/cve-2016-0758

Advisory ID: CVE-2016-1834

Title: CVE-2016-1834

Description:

libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840.

Find out more about CVE-2016-1834 from the MITRE CVE dictionary and NIST NVD.

Maximum severity rating: Important

Affected products:

Red Hat Enterprise Linux 6 (libxml2)

Red Hat Enterprise Linux 7 (libxml2)

Bugzilla: 1338708: CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat

Details: https://access.redhat.com/security/cve/cve-2016-1834

Advisory ID: CVE-2016-0749

Title: CVE-2016-0749

Description:

A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process.

Find out more about CVE-2016-0749 from the MITRE CVE dictionary and NIST NVD.

Maximum severity rating: Important

Affected products:

Red Hat Enterprise Linux 6 (spice-server)

Red Hat Enterprise Linux 7 (spice)

Bugzilla: 1300646: CVE-2016-0749 spice: heap-based memory corruption within smartcard handling

Details: https://access.redhat.com/security/cve/cve-2016-0749

Advisory ID: CVE-2016-2150

Title: CVE-2016-2150

Description:

A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host.

Find out more about CVE-2016-2150 from the MITRE CVE dictionary and NIST NVD.

Maximum severity rating: Important

Affected products:

Red Hat Enterprise Linux 6 (spice-server)

Red Hat Enterprise Linux 7 (spice)

Bugzilla: 1313496: CVE-2016-2150 spice: Host memory access from guest with invalid primary surface parameters

Details: https://access.redhat.com/security/cve/cve-2016-2150

Advisory ID: CVE-2016-1583

Title: CVE-2016-1583

Description:

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Find out more about CVE-2016-1583 from the MITRE CVE dictionary and NIST NVD.

Maximum severity rating: Important

Affected products:

Red Hat Enterprise Linux 5 (kernel)

Red Hat Enterprise Linux 6 (kernel)

Bugzilla: 1344721: CVE-2016-1583 kernel: Stack overflow via ecryptfs and /proc/$pid/environ

Details: https://access.redhat.com/security/cve/cve-2016-1583

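Notes and disclaimer

On the consistency of information:

If the content of a security advisory on the Red Hat CVE database website differs from the content of this article, the advisory on the website takes precedence.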

Originally published: 2016-06-16

This article was shared from the 嘉为科技 WeChat official account.
