Linux Kernel 远程拒绝服务漏洞(CVE-2015-5364)

luohuayu

2017-01-13

Linux Kernel 远程拒绝服务漏洞(CVE-2015-5364)

发布日期：2017-01-13
更新日期：2017-01-13

受影响系统：

Linux kernel < 4.0.6

描述：

BUGTRAQ ID: 75510
CVE(CAN) ID: CVE-2015-5364

Linux Kernel是Linux操作系统的内核。

Linux kernel < 4.0.6版本，udp_recvmsg及udpv6_recvmsg函数未正确生成处理器，远程攻击者通过UDP数据包流内错误的校验和，利用此漏洞可造成拒绝服务。

<*来源：Salvatore Bonaccorso
*>

建议：

厂商补丁：

Linux
-----
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6
https://bugzilla.redhat.com/show_bug.cgi?id=1239029
https://github.com/torvalds/linux/commit/beb39db59d14990e401e235faf66a6b9b31240b0
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
DEBIAN:DSA-3329
URL:http://www.debian.org/security/2015/dsa-3329
DEBIAN:DSA-3313
URL:http://www.debian.org/security/2015/dsa-3313
RedHat:RHSA-2016:1225
URL:https://access.redhat.com/errata/RHSA-2016:1225
REDHAT:RHSA-2016:1096
URL:http://rhn.redhat.com/errata/RHSA-2016-1096.html
REDHAT:RHSA-2016:1100
URL:http://rhn.redhat.com/errata/RHSA-2016-1100.html
REDHAT:RHSA-2016:0045
URL:http://rhn.redhat.com/errata/RHSA-2016-0045.html
REDHAT:RHSA-2015:1778
URL:http://rhn.redhat.com/errata/RHSA-2015-1778.html
REDHAT:RHSA-2015:1787
URL:http://rhn.redhat.com/errata/RHSA-2015-1787.html
SUSE:SUSE-SU-2015:1478
URL:http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
SUSE:SUSE-SU-2015:1592
URL:http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
SUSE:SUSE-SU-2015:1611
URL:http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
SUSE:SUSE-SU-2015:1224
URL:http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html
SUSE:SUSE-SU-2015:1324
URL:http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html
SUSE:SUSE-SU-2015:1490
URL:http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html
SUSE:openSUSE-SU-2015:1382
URL:http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
SUSE:SUSE-SU-2015:1487
URL:http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html
SUSE:SUSE-SU-2015:1488
URL:http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
SUSE:SUSE-SU-2015:1489
URL:http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
SUSE:SUSE-SU-2015:1491
URL:http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html
Ubuntu:USN-2680-1
URL:http://www.ubuntu.com/usn/USN-2680-1
UBUNTU:USN-2681-1
URL:http://www.ubuntu.com/usn/USN-2681-1
UBUNTU:USN-2682-1
URL:http://www.ubuntu.com/usn/USN-2682-1
UBUNTU:USN-2683-1
URL:http://www.ubuntu.com/usn/USN-2683-1
UBUNTU:USN-2684-1
URL:http://www.ubuntu.com/usn/USN-2684-1
UBUNTU:USN-2713-1
URL:http://www.ubuntu.com/usn/USN-2713-1
UBUNTU:USN-2714-1
URL:http://www.ubuntu.com/usn/USN-2714-1
BID:75510
URL:http://www.securityfocus.com/bid/75510