The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6
lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
www.debian.org/security/2016/dsa-3607
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
www.openwall.com/lists/oss-security/2016/05/18/3
www.openwall.com/lists/oss-security/2016/05/18/5
www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
www.securityfocus.com/bid/90730
www.ubuntu.com/usn/USN-3016-1
www.ubuntu.com/usn/USN-3016-2
www.ubuntu.com/usn/USN-3016-3
www.ubuntu.com/usn/USN-3016-4
www.ubuntu.com/usn/USN-3017-1
www.ubuntu.com/usn/USN-3017-2
www.ubuntu.com/usn/USN-3017-3
www.ubuntu.com/usn/USN-3018-1
www.ubuntu.com/usn/USN-3018-2
www.ubuntu.com/usn/USN-3019-1
www.ubuntu.com/usn/USN-3020-1
www.ubuntu.com/usn/USN-3021-1
www.ubuntu.com/usn/USN-3021-2
access.redhat.com/errata/RHSA-2018:3083
access.redhat.com/errata/RHSA-2018:3096
bugzilla.redhat.com/show_bug.cgi?id=1337528
github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6