Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2017-3508

Опубликовано: 12 янв. 2017
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 7

Описание

ELSA-2017-3508: Unbreakable Enterprise kernel security update (IMPORTANT)

kernel-uek [4.1.12-61.1.25]

  • KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306361] {CVE-2016-7042}
  • nvme: Limit command retries (Keith Busch) [Orabug: 25374751]
  • fs/proc/task_mmu.c: fix mm_access() mode parameter in pagemap_read() (Kenny Keslar) [Orabug: 25374977]
  • tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374364] {CVE-2016-6828}
  • tunnels: Don't apply GRO to multiple layers of encapsulation. (Jesse Gross) [Orabug: 25036352] {CVE-2016-8666}
  • i40e: Don't notify client(s) for DCB changes on all VSIs (Neerav Parikh) [Orabug: 25046290]
  • packet: fix race condition in packet_set_ring (Philip Pettersson) [Orabug: 25231617] {CVE-2016-8655}
  • netlink: Fix dump skb leak/double free (Herbert Xu) [Orabug: 25231692] {CVE-2016-9806}
  • ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25231720] {CVE-2016-9794}
  • net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25231751] {CVE-2016-9793}

[4.1.12-61.1.24]

  • rebuild bumping release

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

dtrace-modules-4.1.12-61.1.25.el6uek

0.5.3-2.el6

kernel-uek

4.1.12-61.1.25.el6uek

kernel-uek-debug

4.1.12-61.1.25.el6uek

kernel-uek-debug-devel

4.1.12-61.1.25.el6uek

kernel-uek-devel

4.1.12-61.1.25.el6uek

kernel-uek-doc

4.1.12-61.1.25.el6uek

kernel-uek-firmware

4.1.12-61.1.25.el6uek

Oracle Linux 7

Oracle Linux x86_64

dtrace-modules-4.1.12-61.1.25.el7uek

0.5.3-2.el7

kernel-uek

4.1.12-61.1.25.el7uek

kernel-uek-debug

4.1.12-61.1.25.el7uek

kernel-uek-debug-devel

4.1.12-61.1.25.el7uek

kernel-uek-devel

4.1.12-61.1.25.el7uek

kernel-uek-doc

4.1.12-61.1.25.el7uek

kernel-uek-firmware

4.1.12-61.1.25.el7uek

Связанные CVE

CVE-2016-6828
CVE-2016-7042
CVE-2016-8666
CVE-2016-9806
CVE-2016-9793
CVE-2016-9794
CVE-2016-8655

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2017-3509

oracle-oval
больше 8 лет назад

ELSA-2017-3509: Unbreakable Enterprise kernel security update (IMPORTANT)

oracle-oval логотип

ELSA-2017-3510

oracle-oval
больше 8 лет назад

ELSA-2017-3510: Unbreakable Enterprise kernel security update (IMPORTANT)

suse-cvrf логотип

SUSE-SU-2016:2912-1

suse-cvrf
больше 8 лет назад

Security update for the Linux Kernel

ubuntu логотип

CVE-2016-6828

CVSS3: 5.5
ubuntu
больше 8 лет назад

The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.

redhat логотип

CVE-2016-6828

CVSS3: 4.4
redhat
почти 9 лет назад

The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.