Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3405-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3405-1 advisory. It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use...

Ubuntu: Security Advisory (USN-3405-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3405-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free vulnerability existed in the POSIX message que...

USN-3405-2 linux-lts-xenial vulnerabilities

USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free vulnerability existed in the POSIX message que...

USN-3405-1 linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-11176 Huang Weller discovered that the ext4 filesyste...

USN-3405-1: Linux kernel vulnerabilities

It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-11176 Huang Weller discovered that the ext4 filesyste...

Wireshark AMQP Parser Denial of Service Vulnerability

Wireshark is a suite of network packet analysis software developed by the Wireshark team. A security vulnerability in the Wireshark AMQP parser allows remote attackers to exploit the vulnerability to submit special requests for denial-of-service attacks...

DEBIAN-CVE-2017-11407

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt...

CVE-2017-1337

IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245...

Double free

The sndmsndmidiinputread function in sound/isa/msnd/msndmidi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary access or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that...

DEBIAN-CVE-2017-9986

The intr function in sound/oss/msndpinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary access or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "doub...

UBUNTU-CVE-2017-9986

The intr function in sound/oss/msndpinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary access or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "doub...

CVE-2017-9985

The sndmsndmidiinputread function in sound/isa/msnd/msndmidi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary access or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that...

CVE-2017-9986

The intr function in sound/oss/msndpinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary access or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "doub...

CVE-2017-9985

The sndmsndmidiinputread function in sound/isa/msnd/msndmidi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary access or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that...

CVE-2017-1117

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155...

The vulnerability of the WebSphere MQ message processing service allows a perpetrator to trigger a service failure.

The vulnerability of the WebSphere MQ messaging service is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

IBM WebSphere MQ Data Transformation Denial of Service Vulnerability

IBM WebSphere MQ is a messaging middleware product from IBM, USA. IBM WebSphere MQ fails to properly handle data transformations, allowing remote attackers to exploit the vulnerability by submitting a special request that could crash the application...

IBM WebSphere MQ Man-in-the-Middle Hijacking Vulnerability

IBM WebSphere MQ is a messaging middleware product from IBM, USA. IBM WebSphere MQ sends cryptographic data in clear text over the network, allowing remote attackers to exploit the vulnerability to sniff the network for sensitive information...

CVE-2016-8986

IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference : 1998648...