Описание
ELSA-2017-3515: Unbreakable Enterprise kernel security update (IMPORTANT)
kernel-uek [3.8.13-118.16.3]
- crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417805] {CVE-2016-8646}
- USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462760] {CVE-2016-4482}
- net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462807] {CVE-2016-4485}
- af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446}
- unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446}
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
dtrace-modules-3.8.13-118.16.3.el6uek
0.4.5-3.el6
kernel-uek
3.8.13-118.16.3.el6uek
kernel-uek-debug
3.8.13-118.16.3.el6uek
kernel-uek-debug-devel
3.8.13-118.16.3.el6uek
kernel-uek-devel
3.8.13-118.16.3.el6uek
kernel-uek-doc
3.8.13-118.16.3.el6uek
kernel-uek-firmware
3.8.13-118.16.3.el6uek
Oracle Linux 7
Oracle Linux x86_64
dtrace-modules-3.8.13-118.16.3.el7uek
0.4.5-3.el7
kernel-uek
3.8.13-118.16.3.el7uek
kernel-uek-debug
3.8.13-118.16.3.el7uek
kernel-uek-debug-devel
3.8.13-118.16.3.el7uek
kernel-uek-devel
3.8.13-118.16.3.el7uek
kernel-uek-doc
3.8.13-118.16.3.el7uek
kernel-uek-firmware
3.8.13-118.16.3.el7uek
Связанные CVE
Связанные уязвимости
ELSA-2017-3516: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2017-3514: Unbreakable Enterprise kernel security update (IMPORTANT)
The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data.
The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data.
The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data.