Sun Baoliang

**Name of the Vulnerable Software and Affected Versions** Red Hat Enterprise Linux kernel versions prior to 3.18.8 Ubuntu linux-image-3.16.0 Ubuntu linux-image-3.2.0 **Description** The issue concerns multiple vulnerabilities in the Linux kernel, specifically affecting Red Hat Enterprise Linux and Ubuntu. These vulnerabilities can be exploited remotely, potentially leading to a disruption of confidentiality, integrity, and availability of protected information. The vulnerabilities can cause a denial of service, slab corruption, and panic, or possibly have unspecified other impacts. This is achieved by triggering an INIT collision that leads to improper handling of shared-key data in the `sctp assoc update` function in `net/sctp/associola.c`. **Recommendations** For Red Hat Enterprise Linux kernel versions prior to 3.18.8: Update to a version 3.18.8 or later. For Ubuntu linux-image-3.16.0 and linux-image-3.2.0: Update to a newer version that includes the fix for this issue. As a temporary workaround, consider restricting access to the vulnerable `sctp assoc update` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** policycoreutils version 2.2.5 policycoreutils versions prior to 2.2.5-r4 **Description** The issue concerns a problem where a program executes in a way that alters the relationship between the setuid system call and the getresuid saved set-user-ID value. This makes it easier for local users to gain privileges by exploiting a program that mistakenly expected it could permanently drop privileges. The vulnerability may lead to a violation of confidentiality, integrity, and availability of protected information and can be exploited locally. **Recommendations** For policycoreutils version 2.2.5, consider updating to a version newer than 2.2.5-r4 to resolve the issue. For policycoreutils versions prior to 2.2.5-r4, update to version 2.2.5-r4 or newer to fix the problem. As a temporary workaround, consider restricting the use of the setuid system call or the getresuid function to minimize the risk of exploitation.