Описание
ELSA-2014-3052: unbreakable enterprise kernel security update (IMPORTANT)
kernel-uek [3.8.13-35.3.3.el7uek]
- filter: prevent nla extensions to peek beyond the end of the message (Mathias Krause) [Orabug: 19315781] {CVE-2014-3144} {CVE-2014-3145}
- mac80211: fix AP powersave TX vs. wakeup race (Emmanuel Grumbach) [Orabug: 19316457] {CVE-2014-2706}
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
dtrace-modules-3.8.13-35.3.3.el6uek
0.4.3-4.el6
kernel-uek
3.8.13-35.3.3.el6uek
kernel-uek-debug
3.8.13-35.3.3.el6uek
kernel-uek-debug-devel
3.8.13-35.3.3.el6uek
kernel-uek-devel
3.8.13-35.3.3.el6uek
kernel-uek-doc
3.8.13-35.3.3.el6uek
kernel-uek-firmware
3.8.13-35.3.3.el6uek
Oracle Linux 7
Oracle Linux x86_64
dtrace-modules-3.8.13-35.3.3.el7uek
0.4.3-4.el7
kernel-uek
3.8.13-35.3.3.el7uek
kernel-uek-debug
3.8.13-35.3.3.el7uek
kernel-uek-debug-devel
3.8.13-35.3.3.el7uek
kernel-uek-devel
3.8.13-35.3.3.el7uek
kernel-uek-doc
3.8.13-35.3.3.el7uek
kernel-uek-firmware
3.8.13-35.3.3.el7uek
Связанные CVE
Связанные уязвимости
ELSA-2014-0981: kernel security, bug fix, and enhancement update (IMPORTANT)
Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании
ELSA-2014-3053: unbreakable enterprise kernel security update (IMPORTANT)
ELSA-2014-3054: unbreakable enterprise kernel security update (IMPORTANT)
The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.