Описание
ELSA-2016-3567: Unbreakable Enterprise kernel security update (IMPORTANT)
kernel-uek [2.6.32-400.37.17]
- net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267965] {CVE-2015-8543} {CVE-2015-8543}
- ext4: Fix null dereference in ext4_fill_super() (Ben Hutchings) [Orabug: 23263398] {CVE-2015-8324} {CVE-2015-8324}
- ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263242] {CVE-2015-8215}
- ext4: avoid hang when mounting non-journal filesystems with orphan list (Theodore Ts'o) [Orabug: 23262201] {CVE-2015-7509}
- ext4: make orphan functions be no-op in no-journal mode (Anatol Pomozov) [Orabug: 23262201] {CVE-2015-7509}
- unix: properly account for FDs passed over unix sockets (willy tarreau) [Orabug: 23262258] {CVE-2013-4312} {CVE-2013-4312}
Обновленные пакеты
Oracle Linux 5
Oracle Linux x86_64
kernel-uek
2.6.32-400.37.17.el5uek
kernel-uek-debug
2.6.32-400.37.17.el5uek
kernel-uek-debug-devel
2.6.32-400.37.17.el5uek
kernel-uek-devel
2.6.32-400.37.17.el5uek
kernel-uek-doc
2.6.32-400.37.17.el5uek
kernel-uek-firmware
2.6.32-400.37.17.el5uek
mlnx_en-2.6.32-400.37.17.el5uek
1.5.7-2
mlnx_en-2.6.32-400.37.17.el5uekdebug
1.5.7-2
ofa-2.6.32-400.37.17.el5uek
1.5.1-4.0.58
ofa-2.6.32-400.37.17.el5uekdebug
1.5.1-4.0.58
Oracle Linux i386
kernel-uek
2.6.32-400.37.17.el5uek
kernel-uek-debug
2.6.32-400.37.17.el5uek
kernel-uek-debug-devel
2.6.32-400.37.17.el5uek
kernel-uek-devel
2.6.32-400.37.17.el5uek
kernel-uek-doc
2.6.32-400.37.17.el5uek
kernel-uek-firmware
2.6.32-400.37.17.el5uek
mlnx_en-2.6.32-400.37.17.el5uek
1.5.7-2
mlnx_en-2.6.32-400.37.17.el5uekdebug
1.5.7-2
ofa-2.6.32-400.37.17.el5uek
1.5.1-4.0.58
ofa-2.6.32-400.37.17.el5uekdebug
1.5.1-4.0.58
Oracle Linux 6
Oracle Linux x86_64
kernel-uek
2.6.32-400.37.17.el6uek
kernel-uek-debug
2.6.32-400.37.17.el6uek
kernel-uek-debug-devel
2.6.32-400.37.17.el6uek
kernel-uek-devel
2.6.32-400.37.17.el6uek
kernel-uek-doc
2.6.32-400.37.17.el6uek
kernel-uek-firmware
2.6.32-400.37.17.el6uek
mlnx_en-2.6.32-400.37.17.el6uek
1.5.7-0.1
mlnx_en-2.6.32-400.37.17.el6uekdebug
1.5.7-0.1
ofa-2.6.32-400.37.17.el6uek
1.5.1-4.0.58
ofa-2.6.32-400.37.17.el6uekdebug
1.5.1-4.0.58
Oracle Linux i686
kernel-uek
2.6.32-400.37.17.el6uek
kernel-uek-debug
2.6.32-400.37.17.el6uek
kernel-uek-debug-devel
2.6.32-400.37.17.el6uek
kernel-uek-devel
2.6.32-400.37.17.el6uek
kernel-uek-doc
2.6.32-400.37.17.el6uek
kernel-uek-firmware
2.6.32-400.37.17.el6uek
mlnx_en-2.6.32-400.37.17.el6uek
1.5.7-0.1
mlnx_en-2.6.32-400.37.17.el6uekdebug
1.5.7-0.1
ofa-2.6.32-400.37.17.el6uek
1.5.1-4.0.58
ofa-2.6.32-400.37.17.el6uekdebug
1.5.1-4.0.58
Ссылки на источники
Связанные уязвимости
ELSA-2016-0855: kernel security, bug fix, and enhancement update (MODERATE)
ELSA-2016-3566: Unbreakable Enterprise kernel security update (IMPORTANT)
The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function.
The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function.
The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function.