Описание
ELSA-2014-3011: Unbreakable Enterprise kernel security update (IMPORTANT)
[3.8.13-26.1.1.el6uek]
- inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions (Hannes Frederic Sowa) [18247287] {CVE-2013-7263} {CVE-2013-7265}
- inet: prevent leakage of uninitialized memory to user in recv syscalls (Hannes Frederic Sowa) [18238377] {CVE-2013-7263} {CVE-2013-7265}
- exec/ptrace: fix get_dumpable() incorrect tests (Kees Cook) [18238348] {CVE-2013-2929}
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
dtrace-modules-3.8.13-26.1.1.el6uek
0.4.2-3.el6
kernel-uek
3.8.13-26.1.1.el6uek
kernel-uek-debug
3.8.13-26.1.1.el6uek
kernel-uek-debug-devel
3.8.13-26.1.1.el6uek
kernel-uek-devel
3.8.13-26.1.1.el6uek
kernel-uek-doc
3.8.13-26.1.1.el6uek
kernel-uek-firmware
3.8.13-26.1.1.el6uek
kernel-uek-headers
3.8.13-26.1.1.el6uek
Связанные CVE
Связанные уязвимости
ELSA-2014-3010: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2014-3009: unbreakable enterprise kernel security update (IMPORTANT)
ELSA-2014-0159: kernel security and bug fix update (IMPORTANT)
The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.