ELSA-2016-3592

Опубликовано: 04 авг. 2016

Источник: oracle-oval

Платформа: Oracle Linux 5

Платформа: Oracle Linux 6

Описание

ELSA-2016-3592: Unbreakable Enterprise kernel security update (IMPORTANT)

[2.6.39-400.283.2]

KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393863] {CVE-2016-4470}

Обновленные пакеты

Oracle Linux 5

Oracle Linux x86_64

kernel-uek

2.6.39-400.283.2.el5uek

kernel-uek-debug

2.6.39-400.283.2.el5uek

kernel-uek-debug-devel

2.6.39-400.283.2.el5uek

kernel-uek-devel

2.6.39-400.283.2.el5uek

kernel-uek-doc

2.6.39-400.283.2.el5uek

kernel-uek-firmware

2.6.39-400.283.2.el5uek

Oracle Linux i386

kernel-uek

2.6.39-400.283.2.el5uek

kernel-uek-debug

2.6.39-400.283.2.el5uek

kernel-uek-debug-devel

2.6.39-400.283.2.el5uek

kernel-uek-devel

2.6.39-400.283.2.el5uek

kernel-uek-doc

2.6.39-400.283.2.el5uek

kernel-uek-firmware

2.6.39-400.283.2.el5uek

Oracle Linux 6

Oracle Linux x86_64

kernel-uek

2.6.39-400.283.2.el6uek

kernel-uek-debug

2.6.39-400.283.2.el6uek

kernel-uek-debug-devel

2.6.39-400.283.2.el6uek

kernel-uek-devel

2.6.39-400.283.2.el6uek

kernel-uek-doc

2.6.39-400.283.2.el6uek

kernel-uek-firmware

2.6.39-400.283.2.el6uek

Oracle Linux i686

kernel-uek

2.6.39-400.283.2.el6uek

kernel-uek-debug

2.6.39-400.283.2.el6uek

kernel-uek-debug-devel

2.6.39-400.283.2.el6uek

kernel-uek-devel

2.6.39-400.283.2.el6uek

kernel-uek-doc

2.6.39-400.283.2.el6uek

kernel-uek-firmware

2.6.39-400.283.2.el6uek

Связанные CVE

CVE-2016-4470

Ссылки на источники

Связанные уязвимости

CVE-2016-4470

CVSS3: 5.5

ubuntu

почти 9 лет назад

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.