Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2015-3032

Опубликовано: 23 апр. 2015
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 7

Описание

ELSA-2015-3032: Unbreakable Enterprise kernel security update (IMPORTANT)

kernel-uek [3.8.13-68.1.3]

  • isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930551] {CVE-2014-9584}
  • KEYS: close race between key lookup and freeing (Sasha Levin) [Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529}
  • mm: memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}
  • mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}
  • fs: buffer: move allocation failure loop into the allocator (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}
  • mm: memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}
  • mm: memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}
  • mm: memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}
  • mm: memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}
  • x86: finish user fault error path with fatal signal (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}
  • arch: mm: pass userspace fault flag to generic fault handler (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}
  • selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215}

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

dtrace-modules-3.8.13-68.1.3.el6uek

0.4.3-4.el6

kernel-uek

3.8.13-68.1.3.el6uek

kernel-uek-debug

3.8.13-68.1.3.el6uek

kernel-uek-debug-devel

3.8.13-68.1.3.el6uek

kernel-uek-devel

3.8.13-68.1.3.el6uek

kernel-uek-doc

3.8.13-68.1.3.el6uek

kernel-uek-firmware

3.8.13-68.1.3.el6uek

Oracle Linux 7

Oracle Linux x86_64

dtrace-modules-3.8.13-68.1.3.el7uek

0.4.3-4.el7

kernel-uek

3.8.13-68.1.3.el7uek

kernel-uek-debug

3.8.13-68.1.3.el7uek

kernel-uek-debug-devel

3.8.13-68.1.3.el7uek

kernel-uek-devel

3.8.13-68.1.3.el7uek

kernel-uek-doc

3.8.13-68.1.3.el7uek

kernel-uek-firmware

3.8.13-68.1.3.el7uek

Связанные CVE

CVE-2014-9584
CVE-2014-3215
CVE-2014-8171
CVE-2014-9529

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2015-0864

oracle-oval
около 10 лет назад

ELSA-2015-0864: kernel security and bug fix update (IMPORTANT)

oracle-oval логотип

ELSA-2015-3034

oracle-oval
около 10 лет назад

ELSA-2015-3034: Unbreakable Enterprise kernel security update (IMPORTANT)

oracle-oval логотип

ELSA-2015-3033

oracle-oval
около 10 лет назад

ELSA-2015-3033: Unbreakable Enterprise kernel security update (IMPORTANT)

ubuntu логотип

CVE-2014-9584

ubuntu
больше 10 лет назад

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.

redhat логотип

CVE-2014-9584

redhat
больше 10 лет назад

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.