Описание
ELSA-2015-3054: Unbreakable Enterprise kernel security update (MODERATE)
[2.6.39-400.250.9]
- x86, tls: Interpret an all-zero struct user_desc as 'no segment' (Andy Lutomirski) [Orabug: 21514969]
- x86, tls, ldt: Stop checking lm in LDT_empty (Andy Lutomirski) [Orabug: 21514969]
[2.6.39-400.250.8]
- KVM: x86: SYSENTER emulation is broken (Nadav Amit) [Orabug: 21502740] {CVE-2015-0239} {CVE-2015-0239}
- x86/tls: Validate TLS entries to protect espfix (Andy Lutomirski) [Orabug: 20223777] {CVE-2014-8133}
- fs: take i_mutex during prepare_binprm for set[ug]id executables (Jann Horn) [Orabug: 21502255] {CVE-2015-3339}
- eCryptfs: Remove buggy and unnecessary write in file name decode routine (Michael Halcrow) [Orabug: 21502066] {CVE-2014-9683}
Обновленные пакеты
Oracle Linux 5
Oracle Linux x86_64
kernel-uek
2.6.39-400.250.9.el5uek
kernel-uek-debug
2.6.39-400.250.9.el5uek
kernel-uek-debug-devel
2.6.39-400.250.9.el5uek
kernel-uek-devel
2.6.39-400.250.9.el5uek
kernel-uek-doc
2.6.39-400.250.9.el5uek
kernel-uek-firmware
2.6.39-400.250.9.el5uek
Oracle Linux i386
kernel-uek
2.6.39-400.250.9.el5uek
kernel-uek-debug
2.6.39-400.250.9.el5uek
kernel-uek-debug-devel
2.6.39-400.250.9.el5uek
kernel-uek-devel
2.6.39-400.250.9.el5uek
kernel-uek-doc
2.6.39-400.250.9.el5uek
kernel-uek-firmware
2.6.39-400.250.9.el5uek
Oracle Linux 6
Oracle Linux x86_64
kernel-uek
2.6.39-400.250.9.el6uek
kernel-uek-debug
2.6.39-400.250.9.el6uek
kernel-uek-debug-devel
2.6.39-400.250.9.el6uek
kernel-uek-devel
2.6.39-400.250.9.el6uek
kernel-uek-doc
2.6.39-400.250.9.el6uek
kernel-uek-firmware
2.6.39-400.250.9.el6uek
Oracle Linux i686
kernel-uek
2.6.39-400.250.9.el6uek
kernel-uek-debug
2.6.39-400.250.9.el6uek
kernel-uek-debug-devel
2.6.39-400.250.9.el6uek
kernel-uek-devel
2.6.39-400.250.9.el6uek
kernel-uek-doc
2.6.39-400.250.9.el6uek
kernel-uek-firmware
2.6.39-400.250.9.el6uek
Связанные CVE
Связанные уязвимости
ELSA-2015-3055: Unbreakable Enterprise kernel security update (MODERATE)
ELSA-2015-1272: kernel security, bug fix, and enhancement update (MODERATE)
ELSA-2015-3053: Unbreakable Enterprise kernel security update (MODERATE)
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.