2018-01 Security Bulletin: CTPView: Multiple Linux kernel vulnerabilities.

  [JSA10839] Show Article Properties


Product Affected:
CTPView 7.1, 7.2, 7.3.
Problem:

CTPView releases 7.1R2, 7.3R3 and 7.4R1 address multiple Linux kernel vulnerabilities in prior releases.

The resolved issues include:

CVE CVSS Summary
CVE-2017-6074 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Linux kernel Linux kernel vulnerability that could allow local privilege escalation
CVE-2017-2634 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Linux kernel vulnerability that could allow denial of service

 

Solution:
These issues are addressed in CTPView 7.1R2, 7.3R3 and 7.4R1 and all subsequent releases.‚Äč

These issues are being tracked as 1284155 which is visible on the Customer Support website.

Workaround:

Customers can contact JTAC for the instruction on how to upgrade to kernel-2.6.18-419.el5.

Implementation:
Software Releases, patches and updates are available at https://www.juniper.net/support/downloads/.
Modification History:
2018-01-10: Initial publication
Related Links:
CVSS Score:
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Risk Level:
High
Risk Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."