Описание
ELSA-2015-0674: kernel security and bug fix update (IMPORTANT)
[2.6.32-504.12.2]
- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159}
[2.6.32-504.12.1]
- [fs] splice: perform generic write checks (Eric Sandeen) [1163798 1155900] {CVE-2014-7822}
[2.6.32-504.11.1]
- [virt] kvm: excessive pages un-pinning in kvm_iommu_map error path (Jacob Tanenbaum) [1156520 1156521] {CVE-2014-8369}
- [x86] crypto: Add support for 192 & 256 bit keys to AESNI RFC4106 (Jarod Wilson) [1184332 1176211]
- [block] nvme: Clear QUEUE_FLAG_STACKABLE (David Milburn) [1180555 1155715]
- [net] netfilter: conntrack: disable generic tracking for known protocols (Daniel Borkmann) [1182071 1114697] {CVE-2014-8160}
- [xen] pvhvm: Fix vcpu hotplugging hanging (Vitaly Kuznetsov) [1179343 1164278]
- [xen] pvhvm: Don't point per_cpu(xen_vpcu, 33 and larger) to shared_info (Vitaly Kuznetsov) [1179343 1164278]
- [xen] enable PVHVM VCPU placement when using more than 32 CPUs (Vitaly Kuznetsov) [1179343 1164278]
- [xen] support large numbers of CPUs with vcpu info placement (Vitaly Kuznetsov) [1179343 1164278]
[2.6.32-504.10.1]
- [netdrv] tg3: Change nvram command timeout value to 50ms (Ivan Vecera) [1182903 1176230]
[2.6.32-504.9.1]
- [net] ipv6: increase ip6_rt_max_size to 16384 (Hannes Frederic Sowa) [1177581 1112946]
- [net] ipv6: don't set DST_NOCOUNT for remotely added routes (Hannes Frederic Sowa) [1177581 1112946]
- [net] ipv6: don't count addrconf generated routes against gc limit (Hannes Frederic Sowa) [1177581 1112946]
- [net] ipv6: Don't put artificial limit on routing table size (Hannes Frederic Sowa) [1177581 1112946]
- [scsi] bnx2fc: fix tgt spinlock locking (Maurizio Lombardi) [1179098 1079656]
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
kernel
2.6.32-504.12.2.el6
kernel-abi-whitelists
2.6.32-504.12.2.el6
kernel-debug
2.6.32-504.12.2.el6
kernel-debug-devel
2.6.32-504.12.2.el6
kernel-devel
2.6.32-504.12.2.el6
kernel-doc
2.6.32-504.12.2.el6
kernel-firmware
2.6.32-504.12.2.el6
kernel-headers
2.6.32-504.12.2.el6
perf
2.6.32-504.12.2.el6
python-perf
2.6.32-504.12.2.el6
Oracle Linux i686
kernel
2.6.32-504.12.2.el6
kernel-abi-whitelists
2.6.32-504.12.2.el6
kernel-debug
2.6.32-504.12.2.el6
kernel-debug-devel
2.6.32-504.12.2.el6
kernel-devel
2.6.32-504.12.2.el6
kernel-doc
2.6.32-504.12.2.el6
kernel-firmware
2.6.32-504.12.2.el6
kernel-headers
2.6.32-504.12.2.el6
perf
2.6.32-504.12.2.el6
python-perf
2.6.32-504.12.2.el6
Связанные CVE
Связанные уязвимости
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
The InfiniBand (IB) implementation in the Linux kernel package before ...
