Описание
ELSA-2017-0293: kernel security update (IMPORTANT)
[2.6.32-642.13.2]
- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424626 1424628] {CVE-2017-6074}
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
kernel
2.6.32-642.13.2.el6
kernel-abi-whitelists
2.6.32-642.13.2.el6
kernel-debug
2.6.32-642.13.2.el6
kernel-debug-devel
2.6.32-642.13.2.el6
kernel-devel
2.6.32-642.13.2.el6
kernel-doc
2.6.32-642.13.2.el6
kernel-firmware
2.6.32-642.13.2.el6
kernel-headers
2.6.32-642.13.2.el6
perf
2.6.32-642.13.2.el6
python-perf
2.6.32-642.13.2.el6
Oracle Linux i686
kernel
2.6.32-642.13.2.el6
kernel-abi-whitelists
2.6.32-642.13.2.el6
kernel-debug
2.6.32-642.13.2.el6
kernel-debug-devel
2.6.32-642.13.2.el6
kernel-devel
2.6.32-642.13.2.el6
kernel-doc
2.6.32-642.13.2.el6
kernel-firmware
2.6.32-642.13.2.el6
kernel-headers
2.6.32-642.13.2.el6
perf
2.6.32-642.13.2.el6
python-perf
2.6.32-642.13.2.el6
Связанные CVE
Связанные уязвимости
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
The dccp_rcv_state_process function in net/dccp/input.c in the Linux k ...
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.