Описание
ELSA-2013-2542: unbreakable enterprise kernel security update (IMPORTANT)
kernel-uek [2.6.32-400.29.3uek]
- block: do not pass disk names as format strings (Jerry Snitselaar) [Orabug: 17230124] {CVE-2013-2851}
- af_key: initialize satype in key_notify_policy_flush() (Nicolas Dichtel) [Orabug: 17370765] {CVE-2013-2237}
- Bluetooth: L2CAP - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17371054] {CVE-2012-6544}
- Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER) (Mathias Krause) [Orabug: 17371072] {CVE-2012-6544}
- ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Eric Dumazet) [Orabug: 17371079] {CVE-2013-2232}
- sctp: Use correct sideffect command in duplicate cookie handling (Vlad Yasevich) [Orabug: 17371121] {CVE-2013-2206}
- sctp: deal with multiple COOKIE_ECHO chunks (Max Matveev) [Orabug: 17372129] {CVE-2013-2206}
Обновленные пакеты
Oracle Linux 5
Oracle Linux x86_64
kernel-uek
2.6.32-400.29.3.el5uek
kernel-uek-debug
2.6.32-400.29.3.el5uek
kernel-uek-debug-devel
2.6.32-400.29.3.el5uek
kernel-uek-devel
2.6.32-400.29.3.el5uek
kernel-uek-doc
2.6.32-400.29.3.el5uek
kernel-uek-firmware
2.6.32-400.29.3.el5uek
kernel-uek-headers
2.6.32-400.29.3.el5uek
mlnx_en-2.6.32-400.29.3.el5uek
1.5.7-2
mlnx_en-2.6.32-400.29.3.el5uekdebug
1.5.7-2
ofa-2.6.32-400.29.3.el5uek
1.5.1-4.0.58
ofa-2.6.32-400.29.3.el5uekdebug
1.5.1-4.0.58
Oracle Linux i386
kernel-uek
2.6.32-400.29.3.el5uek
kernel-uek-debug
2.6.32-400.29.3.el5uek
kernel-uek-debug-devel
2.6.32-400.29.3.el5uek
kernel-uek-devel
2.6.32-400.29.3.el5uek
kernel-uek-doc
2.6.32-400.29.3.el5uek
kernel-uek-firmware
2.6.32-400.29.3.el5uek
kernel-uek-headers
2.6.32-400.29.3.el5uek
mlnx_en-2.6.32-400.29.3.el5uek
1.5.7-2
mlnx_en-2.6.32-400.29.3.el5uekdebug
1.5.7-2
ofa-2.6.32-400.29.3.el5uek
1.5.1-4.0.58
ofa-2.6.32-400.29.3.el5uekdebug
1.5.1-4.0.58
Oracle Linux 6
Oracle Linux x86_64
kernel-uek
2.6.32-400.29.3.el6uek
kernel-uek-debug
2.6.32-400.29.3.el6uek
kernel-uek-debug-devel
2.6.32-400.29.3.el6uek
kernel-uek-devel
2.6.32-400.29.3.el6uek
kernel-uek-doc
2.6.32-400.29.3.el6uek
kernel-uek-firmware
2.6.32-400.29.3.el6uek
kernel-uek-headers
2.6.32-400.29.3.el6uek
mlnx_en-2.6.32-400.29.3.el6uek
1.5.7-0.1
mlnx_en-2.6.32-400.29.3.el6uekdebug
1.5.7-0.1
ofa-2.6.32-400.29.3.el6uek
1.5.1-4.0.58
ofa-2.6.32-400.29.3.el6uekdebug
1.5.1-4.0.58
Oracle Linux i686
kernel-uek
2.6.32-400.29.3.el6uek
kernel-uek-debug
2.6.32-400.29.3.el6uek
kernel-uek-debug-devel
2.6.32-400.29.3.el6uek
kernel-uek-devel
2.6.32-400.29.3.el6uek
kernel-uek-doc
2.6.32-400.29.3.el6uek
kernel-uek-firmware
2.6.32-400.29.3.el6uek
kernel-uek-headers
2.6.32-400.29.3.el6uek
mlnx_en-2.6.32-400.29.3.el6uek
1.5.7-0.1
mlnx_en-2.6.32-400.29.3.el6uekdebug
1.5.7-0.1
ofa-2.6.32-400.29.3.el6uek
1.5.1-4.0.58
ofa-2.6.32-400.29.3.el6uekdebug
1.5.1-4.0.58
Ссылки на источники
Связанные уязвимости
ELSA-2013-2543: unbreakable enterprise kernel security update (IMPORTANT)
ELSA-2013-1173: kernel security and bug fix update (IMPORTANT)
ELSA-2013-1166: kernel security and bug fix update (IMPORTANT)
ELSA-2013-1166-1: kernel security and bug fix update (IMPORTANT)
The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.