Description
ELSA-2014-3085: Unbreakable Enterprise kernel Security update (IMPORTANT)
[2.6.39-400.215.12]
- USB: whiteheat: Added bounds checking for bulk command response (James Forshaw) [Orabug: 19849335] {CVE-2014-3185}
- HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849318] {CVE-2014-3181}
- KVM: x86: Improve thread safety in pit (Andy Honig) [Orabug: 19905687] {CVE-2014-3611}
Updated packages
Oracle Linux 5
Oracle Linux x86_64
kernel-uek: 2.6.39-400.215.12.el5uek
kernel-uek-debug: 2.6.39-400.215.12.el5uek
kernel-uek-debug-devel: 2.6.39-400.215.12.el5uek
kernel-uek-devel: 2.6.39-400.215.12.el5uek
kernel-uek-doc: 2.6.39-400.215.12.el5uek
kernel-uek-firmware: 2.6.39-400.215.12.el5uek
Oracle Linux i386
kernel-uek: 2.6.39-400.215.12.el5uek
kernel-uek-debug: 2.6.39-400.215.12.el5uek
kernel-uek-debug-devel: 2.6.39-400.215.12.el5uek
kernel-uek-devel: 2.6.39-400.215.12.el5uek
kernel-uek-doc: 2.6.39-400.215.12.el5uek
kernel-uek-firmware: 2.6.39-400.215.12.el5uek
Oracle Linux 6
Oracle Linux x86_64
kernel-uek: 2.6.39-400.215.12.el6uek
kernel-uek-debug: 2.6.39-400.215.12.el6uek
kernel-uek-debug-devel: 2.6.39-400.215.12.el6uek
kernel-uek-devel: 2.6.39-400.215.12.el6uek
kernel-uek-doc: 2.6.39-400.215.12.el6uek
kernel-uek-firmware: 2.6.39-400.215.12.el6uek
Oracle Linux i686
kernel-uek: 2.6.39-400.215.12.el6uek
kernel-uek-debug: 2.6.39-400.215.12.el6uek
kernel-uek-debug-devel: 2.6.39-400.215.12.el6uek
kernel-uek-devel: 2.6.39-400.215.12.el6uek
kernel-uek-doc: 2.6.39-400.215.12.el6uek
kernel-uek-firmware: 2.6.39-400.215.12.el6uek
Related CVEs
Related vulnerabilities
ELSA-2014-3086: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2014-3084: Unbreakable Enterprise kernel Security update (IMPORTANT)
ELSA-2014-1843: kernel security and bug fix update (IMPORTANT)
Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.