On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow unprivileged, local users to gain write access to otherwise read-only memory mappings to increase their privileges on the system. Cisco has released software updates that address this vulnerability. For information about affected and fixed software releases, consult the Cisco bug IDs in the Vulnerable Products table. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux
Product | Cisco Bug ID | Fixed Release Availability |
---|---|---|
Collaboration and Social Media | ||
Cisco WebEx Meetings Server Release 1.x | CSCvb85516 | 2.7MR2 (25-Nov-2016) 2.5MR6 (8-Dec-2016) 2.0MR9 (15-Dec-2016) |
Cisco WebEx Meetings Server Release 2.x | CSCvb85516 | 2.7MR2 (25-Nov-2016) 2.5MR6 (8-Dec-2016) 2.0MR9 (15-Dec-2016) |
Endpoint Clients and Client Software | ||
Cisco Jabber Guest | CSCvb85719 | 11.0 (30-Nov-2016) |
Network Application, Service, and Acceleration | ||
Cisco Visual Quality Experience Server | CSCvb85616 | Affected versions have been updated. |
Cisco Visual Quality Experience Tools Server | CSCvb85616 | Affected versions have been updated. |
Network Management and Provisioning | ||
Cisco Policy Suite | CSCvb96355 | |
Cisco Prime Access Registrar | CSCvb85559 | 7.2.1 (Dec. 2016) |
Cisco Prime Collaboration Provisioning | CSCvb85571 | 12.1 (23-Feb-2017) |
Cisco Prime Data Center Network Manager | CSCvb85528 | 10.1.2 (15-Nov-2016) |
Cisco Prime Service Catalog Virtual Appliance | CSCvb85607 | |
Cisco Videoscape Distribution Suite Service Manager | CSCvb85583 | 3.4.0 (25- Nov-2016) |
Routing and Switching - Enterprise and Service Provider | ||
Cisco Application Policy Infrastructure Controller (APIC) | CSCvb85529 | 2.2.1 (15-Jan-2017) |
Cisco Connected Grid Routers - Running Cisco CG-OS Software | CSCvb85526 | 15.6(3)M1 (25-Nov-2016) |
Cisco MITG RHEL OS | CSCvb94748 | |
Cisco Nexus 9000 Series Fabric Switches - ACI mode | CSCvb85531 | |
Cisco onePK All-in-One Virtual Machine | CSCvb85633 | No fix is expected. Use Update Manager Tool in Ubuntu to keep software up to date. |
Unified Computing | ||
Cisco Common Services Platform Collector | CSCvb85487 | Fix is currently available. |
Cisco UCS Director | CSCvb87054 | 6.0.1 (23-Nov-2016) |
Voice and Unified Communications Devices | ||
Cisco DX Series IP Phones | CSCvb85725 | |
Cisco IP Interoperability and Collaboration System (IPICS) | CSCvb85609 | Affected versions will be updated (11-Nov-2016) |
Cisco Paging Server (InformaCast) | CSCvb85713 | 11.5.2.1 (25-Nov-2016) |
Cisco Paging Server | CSCvb85713 | 11.5.2.1 (25-Nov-2016) |
Video, Streaming, TelePresence, and Transcoding Devices | ||
Cisco 4300 Series Digital Media Players | CSCvb85587 | 5.3.6RB4 (15-Nov-2016) 5.4.1(RB4) (15-Nov-2016) |
Cisco 4400 Series Digital Media Players | CSCvb85587 | 5.3.6RB4 (15-Nov-2016) 5.4.1(RB4) (15-Nov-2016) |
Cisco Cloud Object Storage | CSCvb85613 | 4.2.0 (30-Mar-2017) |
Cisco DCM Series D990x Digital Content Manager | CSCvb85547 | 19.10.0 ( 22-Dec-2016) |
Cisco Edge 300 Digital Media Player | CSCvb85669 | 1.6RB5 (25-Nov-2016) |
Cisco Edge 340 Digital Media Player | CSCvb85671 | 1.2RB1.03 (25-Nov-2016) |
Cisco Expressway Series | CSCvb85606 | X8.9 (5-Dec-2016) |
Cisco MXE 3500 Series Media Experience Engines | CSCvb85595 | 3.5.2 (4-Nov-2016) |
Cisco TelePresence Video Communication Server (VCS) | CSCvb85606 | X8.9 (5-Dec-2016) |
Cisco VDS Recorder | CSCvb85610 | 4.6.0 (31-Mar-2017) |
Cisco VDS-TV Caching Nodes | CSCvb85610 | 4.6.0 (31-Mar-2017) |
Cisco VDS-TV Streamer | CSCvb85610 | 4.6.0 (31-Mar-2017) |
Cisco VDS-TV Vault | CSCvb85610 | 4.6.0 (31-Mar-2017) |
Cisco Video Surveillance Media Server | CSCvb85647 | 7.9 (23-Nov-2016) |
Cisco Videoscape Distribution Suite Transparent Caching | CSCvb85679 | |
Cisco Videoscape Distribution Suite Video Recording | CSCvb85614 | 4.2.0 (30-Mar-2017) |
Wireless | ||
Cisco Mobility Services Engine | CSCvb85564 | 8.0.150.0 (31-Dec-2016) |
Cisco Hosted Services | ||
Cisco Prime Network Change and Configuration Management | CSCvb85490 | |
Cisco Smart Net Total Care - OnPrem | CSCvb89698 | 1.1.1 (14-Nov-2016) |
Version | Description | Section | Status | Date |
---|---|---|---|---|
1.9 | Further investigation showed that Cisco ATA 187 Analog Telephone Adaptor and Cisco ATA 190 Series Analog Terminal Adapters are not affected. | Affected Products | Final | 2018-August-16 |
1.8 | Further investigation showed that Cisco SPA112 2-Port Phone Adapter, Cisco SPA122 Analog Telephone Adapter (ATA) with Router and Cisco SPA232D Multi-Line DECT Analog Telephone Adapter (ATA) are not affected. | Affected Products | Final | 2018-August-15 |
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.