Description
ELSA-2014-3082: Unbreakable Enterprise kernel security update (IMPORTANT)
[2.6.39-400.215.11]
- ALSA: control: Don't access controls outside of protected regions (Lars-Peter Clausen) [Orabug: 19817786] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655}
- ALSA: control: Fix replacing user controls (Lars-Peter Clausen) [Orabug: 19817748] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655}
- kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601) (Michael S. Tsirkin) [Orabug: 19817647] {CVE-2014-3601}
- mm: try_to_unmap_cluster() should lock_page() before mlocking (Vlastimil Babka) [Orabug: 19817323] {CVE-2014-3122}
- vm: convert fb_mmap to vm_iomap_memory() helper (Linus Torvalds) [Orabug: 19816563] {CVE-2013-2596}
- vm: add vm_iomap_memory() helper function (Linus Torvalds) [Orabug: 19816563] {CVE-2013-2596}
- net: sctp: inherit auth_capable on INIT collisions (Daniel Borkmann) [Orabug: 19816068] {CVE-2014-5077}
Updated packages
Oracle Linux 5
Oracle Linux x86_64
kernel-uek 2.6.39-400.215.11.el5uek
kernel-uek-debug 2.6.39-400.215.11.el5uek
kernel-uek-debug-devel 2.6.39-400.215.11.el5uek
kernel-uek-devel 2.6.39-400.215.11.el5uek
kernel-uek-doc 2.6.39-400.215.11.el5uek
kernel-uek-firmware 2.6.39-400.215.11.el5uek
Oracle Linux i386
kernel-uek 2.6.39-400.215.11.el5uek
kernel-uek-debug 2.6.39-400.215.11.el5uek
kernel-uek-debug-devel 2.6.39-400.215.11.el5uek
kernel-uek-devel 2.6.39-400.215.11.el5uek
kernel-uek-doc 2.6.39-400.215.11.el5uek
kernel-uek-firmware 2.6.39-400.215.11.el5uek
Oracle Linux 6
Oracle Linux x86_64
kernel-uek 2.6.39-400.215.11.el6uek
kernel-uek-debug 2.6.39-400.215.11.el6uek
kernel-uek-debug-devel 2.6.39-400.215.11.el6uek
kernel-uek-devel 2.6.39-400.215.11.el6uek
kernel-uek-doc 2.6.39-400.215.11.el6uek
kernel-uek-firmware 2.6.39-400.215.11.el6uek
Oracle Linux i686
kernel-uek 2.6.39-400.215.11.el6uek
kernel-uek-debug 2.6.39-400.215.11.el6uek
kernel-uek-debug-devel 2.6.39-400.215.11.el6uek
kernel-uek-devel 2.6.39-400.215.11.el6uek
kernel-uek-doc 2.6.39-400.215.11.el6uek
kernel-uek-firmware 2.6.39-400.215.11.el6uek
Source references
Related vulnerabilities
ELSA-2014-3083: Unbreakable Enterprise kernel Security update (IMPORTANT)
ELSA-2014-1392: kernel security, bug fix, and enhancement update (IMPORTANT)
ELSA-2014-3081: Unbreakable Enterprise kernel security update (IMPORTANT)
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.