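Vulnerability Details
Race condition vulnerability in multiple vendors' operating systems
Vulnerability Summary
Citrix Systems XenServer is an open-source virtualization platform from Citrix Systems (USA) for managing cloud, server, and desktop virtual infrastructure. The platform provides virtual machine monitoring, management, and maintenance through an intuitive interface.
A race condition vulnerability exists in the operating systems of multiple vendors. The vulnerability stems from improper handling of concurrent access when concurrent code in a network system or product needs mutually exclusive access to a shared resource during operation. The following products and versions are affected: Linux (debian) versions 7.0, 8.0, and 9.0; Enterprise Linux Server version 7.0; Enterprise Linux Workstation version 7.0; Enterprise Virtualization Manager version 3.0; Xenserver versions 6.0.2, 6.2.0, 6.5, 7.0, 7.1, 7.2, 7.3, and 7.4; Synology Skynas; Diskstation Manager versions 5.2, 6.0, and 6.1; macOS versions before 10.13.4; Xen; FreeBSD version 11.0 and later (fixed in version 11.1).
Vulnerability Advisory
The vendors have released patches to fix the vulnerability. The patches are available at: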
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897
https://xenbits.xen.org/xsa/advisory-260.html
https://support.apple.com/en-us/HT208742
References
Source: CONFIRM
Link: https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
Source: MISC
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1567074
Source: MISC
Link: https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html
Source: MISC
Link: http://openwall.com/lists/oss-security/2018/05/08/4
Source: UBUNTU
Link: https://usn.ubuntu.com/3641-1/
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html
Source: MISC
Link: http://openwall.com/lists/oss-security/2018/05/08/1
Source: MISC
Link: https://svnweb.freebsd.org/base?view=revision&revision=333368
Source: EXPLOIT-DB
Link: https://www.exploit-db.com/exploits/44697/
Source: BID
Link: https://www.securityfocus.com/bid/104071
Source: CONFIRM
Link: https://www.synology.com/support/security/Synology_SA_18_21
Source: SECTRACK
Link: http://www.securitytracker.com/id/1040861
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
Source: SECTRACK
Link: http://www.securitytracker.com/id/1040744
Source: SECTRACK
Link: http://www.securitytracker.com/id/1040866
Source: CONFIRM
Link: https://support.citrix.com/article/CTX234679
Source: DEBIAN
Link: https://www.debian.org/security/2018/dsa-4196
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1353
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1354
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1351
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1352
Source: UBUNTU
Link: https://usn.ubuntu.com/3641-2/
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1350
Source: MISC
Link: https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1348
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1349
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1346
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1347
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1345
Source: MISC
Link: https://patchwork.kernel.org/patch/10386677/
Source: MISC
Link: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1318
Source: CERT-VN
Link: https://www.kb.cert.org/vuls/id/631579
Source: SECTRACK
Link: http://www.securitytracker.com/id/1040882
Source: MISC
Link: https://github.com/can1357/CVE-2018-8897/
Source: CONFIRM
Link: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1355
Source: MISC
Link: https://xenbits.xen.org/xsa/advisory-260.html
Source: SECTRACK
Link: http://www.securitytracker.com/id/1040849
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1319
Source: MISC
Link: https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html
Source: CONFIRM
Link: https://security.netapp.com/advisory/ntap-20180927-0002/
Source: CONFIRM
Link: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1524
Source: MISC
Link: https://support.apple.com/HT208742
Source: DEBIAN
Link: https://www.debian.org/security/2018/dsa-4201
Source: EXPLOIT-DB
Link: https://www.exploit-db.com/exploits/45024/
Source: www.ibm.com
Link: http://www.ibm.com/support/docview.wss?uid=ibm10872142
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/75922
Source: www.ibm.com
Link: http://www.ibm.com/support/docview.wss?uid=ibm10879093
Source: www-01.ibm.com
Link: https://www-01.ibm.com/support/docview.wss?uid=ibm10872142
Source: www.huawei.com
Link: https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190921-01-debug-cn
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/78218
Affected Entities
- Debian Debian_linux:7.0
- Debian Debian_linux:8.0
- Debian Debian_linux:9.0
Patches
- Fix for the security vulnerability in multiple vendors' operating systems