Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2013-2585

Опубликовано: 28 нояб. 2013
Источник: oracle-oval
Платформа: Oracle Linux 5
Платформа: Oracle Linux 6

Описание

ELSA-2013-2585: Unbreakable Enterprise Kernel security update (IMPORTANT)

kernel-uek [2.6.32-400.33.3uek]

  • af_key: fix info leaks in notify messages (Mathias Krause) [Orabug: 17837974] {CVE-2013-2234}
  • drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (Jonathan Salwan) [Orabug: 17837971] {CVE-2013-2164}
  • fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check (Kees Cook) [Orabug: 17837966] {CVE-2013-1928}
  • Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST) (Mathias Krause) [Orabug: 17837959] {CVE-2012-6545}
  • Bluetooth: RFCOMM - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17838023] {CVE-2012-6545}
  • llc: Fix missing msg_namelen update in llc_ui_recvmsg() (Mathias Krause) [Orabug: 17837945] {CVE-2013-3231}
  • HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17837942] {CVE-2013-2892}
  • HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17837936] {CVE-2013-2889}
  • HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17837936]
  • NFSv4: Check for buffer length in __nfs4_get_acl_uncached (Sven Wegener) [Orabug: 17837931] {CVE-2013-4591}
  • ansi_cprng: Fix off by one error in non-block size request (Neil Horman) [Orabug: 17837999] {CVE-2013-4345}
  • HID: validate HID report id size (Kees Cook) [Orabug: 17837925] {CVE-2013-2888}
  • ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17837923] {CVE-2013-0343}

Обновленные пакеты

Oracle Linux 5

Oracle Linux x86_64

kernel-uek

2.6.32-400.33.3.el5uek

kernel-uek-debug

2.6.32-400.33.3.el5uek

kernel-uek-debug-devel

2.6.32-400.33.3.el5uek

kernel-uek-devel

2.6.32-400.33.3.el5uek

kernel-uek-doc

2.6.32-400.33.3.el5uek

kernel-uek-firmware

2.6.32-400.33.3.el5uek

kernel-uek-headers

2.6.32-400.33.3.el5uek

mlnx_en-2.6.32-400.33.3.el5uek

1.5.7-2

mlnx_en-2.6.32-400.33.3.el5uekdebug

1.5.7-2

ofa-2.6.32-400.33.3.el5uek

1.5.1-4.0.58

ofa-2.6.32-400.33.3.el5uekdebug

1.5.1-4.0.58

Oracle Linux i386

kernel-uek

2.6.32-400.33.3.el5uek

kernel-uek-debug

2.6.32-400.33.3.el5uek

kernel-uek-debug-devel

2.6.32-400.33.3.el5uek

kernel-uek-devel

2.6.32-400.33.3.el5uek

kernel-uek-doc

2.6.32-400.33.3.el5uek

kernel-uek-firmware

2.6.32-400.33.3.el5uek

kernel-uek-headers

2.6.32-400.33.3.el5uek

mlnx_en-2.6.32-400.33.3.el5uek

1.5.7-2

mlnx_en-2.6.32-400.33.3.el5uekdebug

1.5.7-2

ofa-2.6.32-400.33.3.el5uek

1.5.1-4.0.58

ofa-2.6.32-400.33.3.el5uekdebug

1.5.1-4.0.58

Oracle Linux 6

Oracle Linux x86_64

kernel-uek

2.6.32-400.33.3.el6uek

kernel-uek-debug

2.6.32-400.33.3.el6uek

kernel-uek-debug-devel

2.6.32-400.33.3.el6uek

kernel-uek-devel

2.6.32-400.33.3.el6uek

kernel-uek-doc

2.6.32-400.33.3.el6uek

kernel-uek-firmware

2.6.32-400.33.3.el6uek

kernel-uek-headers

2.6.32-400.33.3.el6uek

mlnx_en-2.6.32-400.33.3.el6uek

1.5.7-0.1

mlnx_en-2.6.32-400.33.3.el6uekdebug

1.5.7-0.1

ofa-2.6.32-400.33.3.el6uek

1.5.1-4.0.58

ofa-2.6.32-400.33.3.el6uekdebug

1.5.1-4.0.58

Oracle Linux i686

kernel-uek

2.6.32-400.33.3.el6uek

kernel-uek-debug

2.6.32-400.33.3.el6uek

kernel-uek-debug-devel

2.6.32-400.33.3.el6uek

kernel-uek-devel

2.6.32-400.33.3.el6uek

kernel-uek-doc

2.6.32-400.33.3.el6uek

kernel-uek-firmware

2.6.32-400.33.3.el6uek

kernel-uek-headers

2.6.32-400.33.3.el6uek

mlnx_en-2.6.32-400.33.3.el6uek

1.5.7-0.1

mlnx_en-2.6.32-400.33.3.el6uekdebug

1.5.7-0.1

ofa-2.6.32-400.33.3.el6uek

1.5.1-4.0.58

ofa-2.6.32-400.33.3.el6uekdebug

1.5.1-4.0.58

Связанные CVE

CVE-2013-2234
CVE-2013-1928
CVE-2013-2892
CVE-2013-2889
CVE-2013-4345
CVE-2013-3231
CVE-2013-2164
CVE-2012-6545
CVE-2013-4591
CVE-2013-2888
CVE-2013-0343

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2013-1645

oracle-oval
больше 11 лет назад

ELSA-2013-1645: Oracle Linux 6 kernel update (IMPORTANT)

oracle-oval логотип

ELSA-2013-2584

oracle-oval
больше 11 лет назад

ELSA-2013-2584: Unbreakable Enterprise Kernel security update (IMPORTANT)

suse-cvrf логотип

SUSE-SU-2015:0652-1

suse-cvrf
больше 13 лет назад

Security update for Kernel

ubuntu логотип

CVE-2013-2234

ubuntu
около 12 лет назад

The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.

redhat логотип

CVE-2013-2234

redhat
около 12 лет назад

The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.