Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2014-3067

Опубликовано: 11 авг. 2014
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 7

Описание

ELSA-2014-3067: unbreakable enterprise kernel security update (IMPORTANT)

kernel-uek [3.8.13-35.3.5.el7uek]

  • net: Use netlink_ns_capable to verify the permisions of netlink messages (Eric W. Biederman) [Orabug: 19404231] {CVE-2014-0181}
  • net: Add variants of capable for use on netlink messages (Eric W. Biederman) [Orabug: 19404231]
  • net: Add variants of capable for use on on sockets (Eric W. Biederman) [Orabug: 19404231]
  • netlink: Rename netlink_capable netlink_allowed (Eric W. Biederman) [Orabug: 19404231]
  • sctp: Fix sk_ack_backlog wrap-around problem (Xufeng Zhang) [Orabug: 19404244] {CVE-2014-4667}

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

dtrace-modules-3.8.13-35.3.5.el6uek

0.4.3-4.el6

kernel-uek

3.8.13-35.3.5.el6uek

kernel-uek-debug

3.8.13-35.3.5.el6uek

kernel-uek-debug-devel

3.8.13-35.3.5.el6uek

kernel-uek-devel

3.8.13-35.3.5.el6uek

kernel-uek-doc

3.8.13-35.3.5.el6uek

kernel-uek-firmware

3.8.13-35.3.5.el6uek

Oracle Linux 7

Oracle Linux x86_64

dtrace-modules-3.8.13-35.3.5.el7uek

0.4.3-4.el7

kernel-uek

3.8.13-35.3.5.el7uek

kernel-uek-debug

3.8.13-35.3.5.el7uek

kernel-uek-debug-devel

3.8.13-35.3.5.el7uek

kernel-uek-devel

3.8.13-35.3.5.el7uek

kernel-uek-doc

3.8.13-35.3.5.el7uek

kernel-uek-firmware

3.8.13-35.3.5.el7uek

Связанные CVE

CVE-2014-4667
CVE-2014-0181

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2014-1023

oracle-oval
почти 11 лет назад

ELSA-2014-1023: kernel security and bug fix update (IMPORTANT)

ubuntu логотип

CVE-2014-0181

ubuntu
около 11 лет назад

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.

redhat логотип

CVE-2014-0181

redhat
около 11 лет назад

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.

nvd логотип

CVE-2014-0181

nvd
около 11 лет назад

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.

debian логотип

CVE-2014-0181

debian
около 11 лет назад

The Netlink implementation in the Linux kernel through 3.14.1 does not ...