Linux kernel is vulnerable to memory corruption attacks. This exists in the get_rock_ridge_filename
function in fs/isofs/rock.c
. This occurs because of the payloads of NM entries are not supposed to contain NULL which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6
lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
www.debian.org/security/2016/dsa-3607
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
www.openwall.com/lists/oss-security/2016/05/18/3
www.openwall.com/lists/oss-security/2016/05/18/5
www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
www.securityfocus.com/bid/90730
www.ubuntu.com/usn/USN-3016-1
www.ubuntu.com/usn/USN-3016-2
www.ubuntu.com/usn/USN-3016-3
www.ubuntu.com/usn/USN-3016-4
www.ubuntu.com/usn/USN-3017-1
www.ubuntu.com/usn/USN-3017-2
www.ubuntu.com/usn/USN-3017-3
www.ubuntu.com/usn/USN-3018-1
www.ubuntu.com/usn/USN-3018-2
www.ubuntu.com/usn/USN-3019-1
www.ubuntu.com/usn/USN-3020-1
www.ubuntu.com/usn/USN-3021-1
www.ubuntu.com/usn/USN-3021-2
access.redhat.com/articles/3553061
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index
access.redhat.com/errata/RHSA-2018:3083
access.redhat.com/errata/RHSA-2018:3096
access.redhat.com/security/cve/CVE-2017-18360
access.redhat.com/security/cve/CVE-2018-18690
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1322930
bugzilla.redhat.com/show_bug.cgi?id=1337528
bugzilla.redhat.com/show_bug.cgi?id=1488484
bugzilla.redhat.com/show_bug.cgi?id=1504058
bugzilla.redhat.com/show_bug.cgi?id=1507027
bugzilla.redhat.com/show_bug.cgi?id=1542494
bugzilla.redhat.com/show_bug.cgi?id=1557434
bugzilla.redhat.com/show_bug.cgi?id=1557599
bugzilla.redhat.com/show_bug.cgi?id=1558328
bugzilla.redhat.com/show_bug.cgi?id=1561162
bugzilla.redhat.com/show_bug.cgi?id=1563697
bugzilla.redhat.com/show_bug.cgi?id=1564186
bugzilla.redhat.com/show_bug.cgi?id=1568167
bugzilla.redhat.com/show_bug.cgi?id=1572983
bugzilla.redhat.com/show_bug.cgi?id=1584775
bugzilla.redhat.com/show_bug.cgi?id=1592654
bugzilla.redhat.com/show_bug.cgi?id=1609717
github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6