Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2016-3648

Опубликовано: 07 дек. 2016
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 7

Описание

ELSA-2016-3648: Unbreakable Enterprise kernel security update (IMPORTANT)

kernel-uek [4.1.12-61.1.22]

  • ocfs2: fix trans extend while free cached blocks (Junxiao Bi) [Orabug: 25136991]
  • ocfs2: fix trans extend while flush truncate log (Junxiao Bi) [Orabug: 25136991]
  • ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (Xue jiufei) [Orabug: 25136991]
  • mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (Andrey Ryabinin) [Orabug: 25154096] {CVE-2016-8650} {CVE-2016-8650}
  • mlx4: avoid multiple free on id_map_ent (Wengang Wang) [Orabug: 25159035]

[4.1.12-61.1.21]

  • NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25144380]
  • sctp: validate chunk len before actually using it (Marcelo Ricardo Leitner) [Orabug: 25142868] {CVE-2016-9555}

[4.1.12-61.1.20]

  • rebuild bumping release

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

dtrace-modules-4.1.12-61.1.22.el6uek

0.5.3-2.el6

kernel-uek

4.1.12-61.1.22.el6uek

kernel-uek-debug

4.1.12-61.1.22.el6uek

kernel-uek-debug-devel

4.1.12-61.1.22.el6uek

kernel-uek-devel

4.1.12-61.1.22.el6uek

kernel-uek-doc

4.1.12-61.1.22.el6uek

kernel-uek-firmware

4.1.12-61.1.22.el6uek

Oracle Linux 7

Oracle Linux x86_64

dtrace-modules-4.1.12-61.1.22.el7uek

0.5.3-2.el7

kernel-uek

4.1.12-61.1.22.el7uek

kernel-uek-debug

4.1.12-61.1.22.el7uek

kernel-uek-debug-devel

4.1.12-61.1.22.el7uek

kernel-uek-devel

4.1.12-61.1.22.el7uek

kernel-uek-doc

4.1.12-61.1.22.el7uek

kernel-uek-firmware

4.1.12-61.1.22.el7uek

Связанные CVE

CVE-2016-8650
CVE-2016-9555

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2016-3651

oracle-oval
больше 8 лет назад

ELSA-2016-3651: Unbreakable Enterprise kernel security update (IMPORTANT)

ubuntu логотип

CVE-2016-8650

CVSS3: 5.5
ubuntu
больше 8 лет назад

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.

redhat логотип

CVE-2016-8650

CVSS3: 8.8
redhat
больше 8 лет назад

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.

nvd логотип

CVE-2016-8650

CVSS3: 5.5
nvd
больше 8 лет назад

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.

debian логотип

CVE-2016-8650

CVSS3: 5.5
debian
больше 8 лет назад

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through ...