Описание
ELSA-2014-3014: unbreakable enterprise kernel security update (IMPORTANT)
kernel-uek [3.8.13-26.2.2.el6uek]
- netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (Daniel Borkmann) [Orabug: 18421673] {CVE-2014-2523}
- cifs: ensure that uncached writes handle unmapped areas correctly (Jeff Layton) [Orabug: 18461067] {CVE-2014-0069} {CVE-2014-0069}
- net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable (Daniel Borkmann) [Orabug: 18461065] {CVE-2014-0101}
- vhost-net: insufficient handling of error conditions in get_rx_bufs() (Guangyu Sun) [Orabug: 18461050] {CVE-2014-0055}
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
dtrace-modules-3.8.13-26.2.2.el6uek
0.4.2-3.el6
kernel-uek
3.8.13-26.2.2.el6uek
kernel-uek-debug
3.8.13-26.2.2.el6uek
kernel-uek-debug-devel
3.8.13-26.2.2.el6uek
kernel-uek-devel
3.8.13-26.2.2.el6uek
kernel-uek-doc
3.8.13-26.2.2.el6uek
kernel-uek-firmware
3.8.13-26.2.2.el6uek
kernel-uek-headers
3.8.13-26.2.2.el6uek
Связанные CVE
Связанные уязвимости
ELSA-2014-3015: unbreakable enterprise kernel security update (IMPORTANT)
ELSA-2014-3016: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2014-0328: kernel security and bug fix update (IMPORTANT)
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.