ELSA-2016-3645

Опубликовано: 20 нояб. 2016

Источник: oracle-oval

Платформа: Oracle Linux 6

Платформа: Oracle Linux 7

Описание

ELSA-2016-3645: Unbreakable Enterprise kernel security update (IMPORTANT)

kernel-uek [3.8.13-118.14.2]

aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060050] {CVE-2016-6480} {CVE-2016-6480}
IB/srpt: Simplify srpt_handle_tsk_mgmt() (Bart Van Assche) [Orabug: 25060011] {CVE-2016-6327}
audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [Orabug: 25059945] {CVE-2016-6136}
ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059899] {CVE-2016-4578}
ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059899] {CVE-2016-4578}
ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059753] {CVE-2016-4569}
acpi: Disable ACPI table override if securelevel is set (Linn Crosetto) [Orabug: 25058991] {CVE-2016-3699}
Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058903] {CVE-2015-8956}
ASN.1: Fix non-match detection failure on data overrun (David Howells) [Orabug: 25059046] {CVE-2016-2053}
mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059194] {CVE-2016-3070}

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

dtrace-modules-3.8.13-118.14.2.el6uek

0.4.5-3.el6

kernel-uek

3.8.13-118.14.2.el6uek

kernel-uek-debug

3.8.13-118.14.2.el6uek

kernel-uek-debug-devel

3.8.13-118.14.2.el6uek

kernel-uek-devel

3.8.13-118.14.2.el6uek

kernel-uek-doc

3.8.13-118.14.2.el6uek

kernel-uek-firmware

3.8.13-118.14.2.el6uek

Oracle Linux 7

Oracle Linux x86_64

dtrace-modules-3.8.13-118.14.2.el7uek

0.4.5-3.el7

kernel-uek

3.8.13-118.14.2.el7uek

kernel-uek-debug

3.8.13-118.14.2.el7uek

kernel-uek-debug-devel

3.8.13-118.14.2.el7uek

kernel-uek-devel

3.8.13-118.14.2.el7uek

kernel-uek-doc

3.8.13-118.14.2.el7uek

kernel-uek-firmware

3.8.13-118.14.2.el7uek

Связанные CVE

Ссылки на источники

Связанные уязвимости

ELSA-2016-2574

oracle-oval

больше 8 лет назад

ELSA-2016-2574: kernel security, bug fix, and enhancement update (IMPORTANT)

ELSA-2016-3644

oracle-oval

больше 8 лет назад

ELSA-2016-3644: Unbreakable Enterprise kernel security update (IMPORTANT)

ELSA-2016-3646

oracle-oval

больше 8 лет назад

ELSA-2016-3646: Unbreakable Enterprise kernel security update (IMPORTANT)

CVE-2016-3070

CVSS3: 7.8

ubuntu

почти 9 лет назад

The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.

CVE-2016-3070

redhat

около 9 лет назад