Описание
ELSA-2014-3021: Unbreakable Enterprise kernel security update (IMPORTANT)
[3.8.13-26.2.4.el6uek]
- aacraid: missing capable() check in compat ioctl (Dan Carpenter) [Orabug: 18721961] {CVE-2013-6383}
- vhost: fix total length when packets are too short (Michael S. Tsirkin) [Orabug: 18721976] {CVE-2014-0077}
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
dtrace-modules-3.8.13-26.2.4.el6uek
0.4.2-3.el6
kernel-uek
3.8.13-26.2.4.el6uek
kernel-uek-debug
3.8.13-26.2.4.el6uek
kernel-uek-debug-devel
3.8.13-26.2.4.el6uek
kernel-uek-devel
3.8.13-26.2.4.el6uek
kernel-uek-doc
3.8.13-26.2.4.el6uek
kernel-uek-firmware
3.8.13-26.2.4.el6uek
kernel-uek-headers
3.8.13-26.2.4.el6uek
Связанные CVE
Связанные уязвимости
ELSA-2014-3022: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2014-0475: kernel security and bug fix update (IMPORTANT)
drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.
drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.
drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.