Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2016-3646

Опубликовано: 20 нояб. 2016
Источник: oracle-oval
Платформа: Oracle Linux 5
Платформа: Oracle Linux 6

Описание

ELSA-2016-3646: Unbreakable Enterprise kernel security update (IMPORTANT)

[2.6.39-400.290.2]

  • aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060055] {CVE-2016-6480} {CVE-2016-6480}
  • audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [Orabug: 25059962] {CVE-2016-6136}
  • ecryptfs: don't allow mmap when the lower fs doesn't support it (Jeff Mahoney) [Orabug: 24971918] {CVE-2016-1583} {CVE-2016-1583}
  • ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059900] {CVE-2016-4578}
  • ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059900] {CVE-2016-4578}
  • ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059755] {CVE-2016-4569}
  • Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058905] {CVE-2015-8956}
  • mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059195] {CVE-2016-3070}

Обновленные пакеты

Oracle Linux 5

Oracle Linux x86_64

kernel-uek

2.6.39-400.290.2.el5uek

kernel-uek-debug

2.6.39-400.290.2.el5uek

kernel-uek-debug-devel

2.6.39-400.290.2.el5uek

kernel-uek-devel

2.6.39-400.290.2.el5uek

kernel-uek-doc

2.6.39-400.290.2.el5uek

kernel-uek-firmware

2.6.39-400.290.2.el5uek

Oracle Linux i386

kernel-uek

2.6.39-400.290.2.el5uek

kernel-uek-debug

2.6.39-400.290.2.el5uek

kernel-uek-debug-devel

2.6.39-400.290.2.el5uek

kernel-uek-devel

2.6.39-400.290.2.el5uek

kernel-uek-doc

2.6.39-400.290.2.el5uek

kernel-uek-firmware

2.6.39-400.290.2.el5uek

Oracle Linux 6

Oracle Linux x86_64

kernel-uek

2.6.39-400.290.2.el6uek

kernel-uek-debug

2.6.39-400.290.2.el6uek

kernel-uek-debug-devel

2.6.39-400.290.2.el6uek

kernel-uek-devel

2.6.39-400.290.2.el6uek

kernel-uek-doc

2.6.39-400.290.2.el6uek

kernel-uek-firmware

2.6.39-400.290.2.el6uek

Oracle Linux i686

kernel-uek

2.6.39-400.290.2.el6uek

kernel-uek-debug

2.6.39-400.290.2.el6uek

kernel-uek-debug-devel

2.6.39-400.290.2.el6uek

kernel-uek-devel

2.6.39-400.290.2.el6uek

kernel-uek-doc

2.6.39-400.290.2.el6uek

kernel-uek-firmware

2.6.39-400.290.2.el6uek

Связанные CVE

CVE-2016-6136
CVE-2016-4569
CVE-2016-6480
CVE-2016-1583
CVE-2016-3070
CVE-2016-4578
CVE-2015-8956

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2016-3644

oracle-oval
больше 8 лет назад

ELSA-2016-3644: Unbreakable Enterprise kernel security update (IMPORTANT)

oracle-oval логотип

ELSA-2016-3645

oracle-oval
больше 8 лет назад

ELSA-2016-3645: Unbreakable Enterprise kernel security update (IMPORTANT)

oracle-oval логотип

ELSA-2016-2574

oracle-oval
больше 8 лет назад

ELSA-2016-2574: kernel security, bug fix, and enhancement update (IMPORTANT)

ubuntu логотип

CVE-2016-6136

CVSS3: 4.7
ubuntu
около 9 лет назад

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.

redhat логотип

CVE-2016-6136

CVSS3: 5.3
redhat
около 9 лет назад

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.