CVE-2018-5333
published 2018-01-11CVE-2018-5333: In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is…
PriorityP335medium5.5CVSS 3.0
AVLACLPRLUINSUCNINAH
EXPLOIT
EPSS
7.68%
93.8th percentile
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 4.14.17-1 (bookworm) | linux 4.14.17-1 (bookworm) |
| linux | linux_kernel | <= 4.14.13 | — |
| linux | linux_kernel | >= 0 < 4.14.17-1 | 4.14.17-1 |
| linux | linux_kernel | >= 0 < 4.14.17-1 | 4.14.17-1 |
| linux | linux_kernel | >= 0 < 4.14.17-1 | 4.14.17-1 |
| linux | linux_kernel | >= 0 < 4.14.17-1 | 4.14.17-1 |
| linux | linux_kernel | >= 0 < 3.13.0-142.191 | 3.13.0-142.191 |
| linux | linux_kernel | >= 0 < 4.4.0-119.143 | 4.4.0-119.143 |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvdv2.04.9MEDIUMAV:L/AC:L/Au:N/C:N/I:N/A:C
osv7.8HIGH
vendor_ubuntu7.8HIGH
vendor_debian5.5MEDIUM
vendor_redhat5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2018-04-24·CVSS 7.8
CVE-2017-0861 [HIGH] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-0861)
It was discovered that the KVM implementation in the Linux kernel allowed
passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM
could use this to cause a denial of service (system crash) in the host OS.
(CVE-2017-1000407)
It was discovered that a use-after-free vulnerability existed in the
network namespaces implementation in the Linux kernel. A local attacker
could use this to cause a denial of servic
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities
vendor_ubuntu·2018-04-05·CVSS 7.8
CVE-2017-0861 [HIGH] Linux kernel (Xenial HWE) vulnerabilities
Title: Linux kernel (Xenial HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation
in the Linux kernel improperly performed sign extension in some situations.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-16995)
It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2018-04-04·CVSS 7.8
CVE-2017-0861 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation
in the Linux kernel improperly performed sign extension in some situations.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-16995)
It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-0861)
It was discovered that the KVM implementation in the Linux kernel allowed
passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM
could
Ubuntu
Linux kernel (Raspberry Pi 2) vulnerabilities
vendor_ubuntu·2018-04-04·CVSS 7.8
CVE-2017-0861 [HIGH] Linux kernel (Raspberry Pi 2) vulnerabilities
Title: Linux kernel (Raspberry Pi 2) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-0861)
It was discovered that a use-after-free vulnerability existed in the
network namespaces implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2017-15129)
Andrey Konovalov discovered that the usbtest device driver in the Linux
kernel did not properly validate endpoint metadata. A physically proximate
attacker coul
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2018-04-03·CVSS 7.8
CVE-2017-0861 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-0861)
It was discovered that the KVM implementation in the Linux kernel allowed
passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM
could use this to cause a denial of service (system crash) in the host OS.
(CVE-2017-1000407)
It was discovered that a use-after-free vulnerability existed in the
network namespaces implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (syste
Ubuntu
Linux (HWE) vulnerabilities
vendor_ubuntu·2018-04-03·CVSS 7.8
CVE-2017-0861 [HIGH] Linux (HWE) vulnerabilities
Title: Linux (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.
It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-0861)
It was discovered that the KVM implementation in the Linux kernel allowed
passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM
could use this to cause a denial of service (system crash) in the host OS.
(CVE-2
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2018-02-23·CVSS 7.8
CVE-2017-0750 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that an out-of-bounds write vulnerability existed in the
Flash-Friendly File System (f2fs) in the Linux kernel. An attacker could
construct a malicious file system that, when mounted, could cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-0750)
It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-0861)
It was discovered that the KVM implementation in the Linux kernel allowed
passthrough of the diagnostic I/O port 0x80. An attacke
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities
vendor_ubuntu·2018-02-23·CVSS 7.8
CVE-2017-0750 [HIGH] Linux kernel (Trusty HWE) vulnerabilities
Title: Linux kernel (Trusty HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3583-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 ESM.
It was discovered that an out-of-bounds write vulnerability existed in the
Flash-Friendly File System (f2fs) in the Linux kernel. An attacker could
construct a malicious file system that, when mounted, could cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-0750)
It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this
Red Hat
kernel: Null pointer dereference in rds_atomic_free_op() allowing denial-of-service
vendor_redhat·2018-01-03·CVSS 5.5
CVE-2018-5333 [MEDIUM] CWE-476 kernel: Null pointer dereference in rds_atomic_free_op() allowing denial-of-service
kernel: Null pointer dereference in rds_atomic_free_op() allowing denial-of-service
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
In the Linux kernel through 4.14.13, the rds_cmsg_atomic() function in 'net/rds/rdma.c' mishandles cases where page pinning fails or an invalid address is supplied by a user. This can lead to a NULL pointer dereference in rds_atomic_free_op() and thus to a system panic.
Statement: This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional infor
Debian
CVE-2018-5333: linux - In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdm...
vendor_debian·2018·CVSS 5.5
CVE-2018-5333 [MEDIUM] CVE-2018-5333: linux - In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdm...
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
Scope: local
bookworm: resolved (fixed in 4.14.17-1)
bullseye: resolved (fixed in 4.14.17-1)
forky: resolved (fixed in 4.14.17-1)
sid: resolved (fixed in 4.14.17-1)
trixie: resolved (fixed in 4.14.17-1)
GHSA
GHSA-fgqv-475c-x2p6: In the Linux kernel through 4
ghsa_unreviewed·2022-05-13
CVE-2018-5333 [MEDIUM] CWE-476 GHSA-fgqv-475c-x2p6: In the Linux kernel through 4
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
OSV
linux-azure vulnerabilities
osv·2018-04-24·CVSS 7.8
CVE-2017-0861 [HIGH] linux-azure vulnerabilities
linux-azure vulnerabilities
It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-0861)
It was discovered that the KVM implementation in the Linux kernel allowed
passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM
could use this to cause a denial of service (system crash) in the host OS.
(CVE-2017-1000407)
It was discovered that a use-after-free vulnerability existed in the
network namespaces implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2017-15129)
It was disc
OSV
linux-lts-xenial, linux-aws vulnerabilities
osv·2018-04-05·CVSS 7.8
[HIGH] linux-lts-xenial, linux-aws vulnerabilities
linux-lts-xenial, linux-aws vulnerabilities
USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation
in the Linux kernel improperly performed sign extension in some situations.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-16995)
It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-08
OSV
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
osv·2018-04-04·CVSS 7.8
CVE-2017-16995 [HIGH] linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation
in the Linux kernel improperly performed sign extension in some situations.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-16995)
It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-0861)
It was discovered that the KVM implementation in the Linux kernel allowed
passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM
could use this to cause a denial
OSV
linux-hwe, linux-gcp, linux-oem vulnerabilities
osv·2018-04-03·CVSS 7.8
[HIGH] linux-hwe, linux-gcp, linux-oem vulnerabilities
linux-hwe, linux-gcp, linux-oem vulnerabilities
USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.
It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-0861)
It was discovered that the KVM implementation in the Linux kernel allowed
passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM
could use this to cause a denial of service (system crash) in the host OS.
(CVE-2017-1000407)
It was discovered that a use-after-free
OSV
linux vulnerabilities
osv·2018-02-23·CVSS 7.8
CVE-2017-0750 [HIGH] linux vulnerabilities
linux vulnerabilities
It was discovered that an out-of-bounds write vulnerability existed in the
Flash-Friendly File System (f2fs) in the Linux kernel. An attacker could
construct a malicious file system that, when mounted, could cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-0750)
It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-0861)
It was discovered that the KVM implementation in the Linux kernel allowed
passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM
could use this to cause a denial of service (system crash) in th
OSV
CVE-2018-5333: In the Linux kernel through 4
osv·2018-01-11·CVSS 5.5
CVE-2018-5333 [MEDIUM] CVE-2018-5333: In the Linux kernel through 4
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
No detection rules found.
Exploit-DB
Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit)
exploitdb·2020-01-23
CVE-2019-9213 Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit)
Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation',
'Description' => %q{
This module attempts to gain root privileges on Linux systems by abusing
a NULL pointer dereference in the `rds_atomic_free_op` function in the
Reliable Datagram Sockets (RDS) kernel module (rds.ko).
Successful exploitation requires the RDS kernel module to be loaded.
If the RDS module is not blacklisted (default); then it will be loaded
automatically.
This exploit supports 64-bit Ubuntu Linux
Metasploit
Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation
metasploit
Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation
Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation
This module attempts to gain root privileges on Linux systems by abusing a NULL pointer dereference in the `rds_atomic_free_op` function in the Reliable Datagram Sockets (RDS) kernel module (rds.ko). Successful exploitation requires the RDS kernel module to be loaded. If the RDS module is not blacklisted (default); then it will be loaded automatically. This exploit supports 64-bit Ubuntu Linux systems, including distributions based on Ubuntu, such as Linux Mint and Zorin OS. Target offsets are available for: Ubuntu 16.04 kernels 4.4.0 <= 4.4.0-116-generic; and Ubuntu 16.04 kernels 4.8.0 <= 4.8.0-54-generic. This exploit does not bypass SMAP. Bypasses for SMEP and KASLR are included. Failed exp
Bugzilla
CVE-2018-5332 CVE-2018-5333 kernel: various flaws [fedora-all]
bugzilla·2018-01-12·CVSS 7.8
CVE-2018-5332 [HIGH] CVE-2018-5332 CVE-2018-5333 kernel: various flaws [fedora-all]
CVE-2018-5332 CVE-2018-5333 kernel: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. Whi
Bugzilla
CVE-2018-5333 kernel: Null pointer dereference in rds_atomic_free_op() allowing denial-of-service
bugzilla·2018-01-12·CVSS 5.5
CVE-2018-5333 [MEDIUM] CVE-2018-5333 kernel: Null pointer dereference in rds_atomic_free_op() allowing denial-of-service
CVE-2018-5333 kernel: Null pointer dereference in rds_atomic_free_op() allowing denial-of-service
In the Linux kernel through 4.14.13, the rds_cmsg_atomic() function in 'net/rds/rdma.c' mishandles cases where page pinning fails or an invalid address is supplied by a user, leading to a NULL pointer dereference in rds_atomic_free_op() and thus to a system panic.
References:
https://marc.info/?t=151501368300001&r=1&w=4
https://patchwork.ozlabs.org/patch/855213/
An upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1533895]
---
Statement:
This issue affects the Linux kernel packages as shipped with Red Hat Enterprise L
CTF
Pwn_forest / README
ctf_writeups·2020
CVE-2018-5333 Pwn_forest / README
# forest
## Author
`Unknown`
## Description
```text
Do you want to challenge Boss?Yeah, you must get out of this forest,
and I am the king of the forest.
hint:
cve-2018-5333
URL
China:119.3.156.29 9876
Overseas:149.248.16.204 9876
```
## Distribution
- `forest_attachment.zip`
## Points
`1000`
## Solves
`1`
## Writeup
- N/A
CTF
exploit / README
ctf_writeups·2020·CVSS 5.5
CVE-2018-5333 [MEDIUM] exploit / README
# forest - Kernel Exploit Writeup
---
- CTF: GACTF2020
- Challenge: forest
- Solves: 1
- Kernel: Linux 5.6.9
- Vulnerability: UAF + Double Free
- Exploit Technique:
- seq_operations UAF reclaim
- pipe_buffer leak
- timerfd callback hijack
- stack pivot + kernel ROP
---
# Overview
`forest` is a Linux Kernel Pwn challenge based on a vulnerable `/dev/forest` driver.
The driver contains a classic:
- Use-After-Free
- Double Free
- Stale Pointer Read
The challenge hint references:
- CVE-2018-5333 (RDS UAF)
However, the challenge can be solved without using RDS.
This writeup introduces four exploit variants:
| Exploit | Leak Object | RIP Control | Stability |
|---|---|---|---|
| exp01 | pipe + msg_msg | seq_operations | Low |
| exp02 | seq_operations | seq_operations | Very High |
| e
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.htmlhttp://www.securityfocus.com/bid/102510https://access.redhat.com/errata/RHSA-2018:0470https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737https://lists.debian.org/debian-lts-announce/2018/05/msg00000.htmlhttps://usn.ubuntu.com/3583-1/https://usn.ubuntu.com/3583-2/https://usn.ubuntu.com/3617-1/https://usn.ubuntu.com/3617-2/https://usn.ubuntu.com/3617-3/https://usn.ubuntu.com/3619-1/https://usn.ubuntu.com/3619-2/https://usn.ubuntu.com/3632-1/https://www.debian.org/security/2018/dsa-4187http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.htmlhttp://www.securityfocus.com/bid/102510https://access.redhat.com/errata/RHSA-2018:0470https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737https://lists.debian.org/debian-lts-announce/2018/05/msg00000.htmlhttps://usn.ubuntu.com/3583-1/https://usn.ubuntu.com/3583-2/https://usn.ubuntu.com/3617-1/https://usn.ubuntu.com/3617-2/https://usn.ubuntu.com/3617-3/https://usn.ubuntu.com/3619-1/https://usn.ubuntu.com/3619-2/https://usn.ubuntu.com/3632-1/https://www.debian.org/security/2018/dsa-4187
2018-01-11
Published