Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2017-3516

Опубликовано: 09 фев. 2017
Источник: oracle-oval
Платформа: Oracle Linux 5
Платформа: Oracle Linux 6

Описание

ELSA-2017-3516: Unbreakable Enterprise kernel security update (IMPORTANT)

[2.6.39-400.294.2]

  • vfs: read file_handle only once in handle_to_path (Sasha Levin) [Orabug: 25388709] {CVE-2015-1420}
  • crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417807]
  • USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462763] {CVE-2016-4482}
  • net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811] {CVE-2016-4485}
  • af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446}
  • unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446}

Обновленные пакеты

Oracle Linux 5

Oracle Linux x86_64

kernel-uek

2.6.39-400.294.2.el5uek

kernel-uek-debug

2.6.39-400.294.2.el5uek

kernel-uek-debug-devel

2.6.39-400.294.2.el5uek

kernel-uek-devel

2.6.39-400.294.2.el5uek

kernel-uek-doc

2.6.39-400.294.2.el5uek

kernel-uek-firmware

2.6.39-400.294.2.el5uek

Oracle Linux i386

kernel-uek

2.6.39-400.294.2.el5uek

kernel-uek-debug

2.6.39-400.294.2.el5uek

kernel-uek-debug-devel

2.6.39-400.294.2.el5uek

kernel-uek-devel

2.6.39-400.294.2.el5uek

kernel-uek-doc

2.6.39-400.294.2.el5uek

kernel-uek-firmware

2.6.39-400.294.2.el5uek

Oracle Linux 6

Oracle Linux x86_64

kernel-uek

2.6.39-400.294.2.el6uek

kernel-uek-debug

2.6.39-400.294.2.el6uek

kernel-uek-debug-devel

2.6.39-400.294.2.el6uek

kernel-uek-devel

2.6.39-400.294.2.el6uek

kernel-uek-doc

2.6.39-400.294.2.el6uek

kernel-uek-firmware

2.6.39-400.294.2.el6uek

Oracle Linux i686

kernel-uek

2.6.39-400.294.2.el6uek

kernel-uek-debug

2.6.39-400.294.2.el6uek

kernel-uek-debug-devel

2.6.39-400.294.2.el6uek

kernel-uek-devel

2.6.39-400.294.2.el6uek

kernel-uek-doc

2.6.39-400.294.2.el6uek

kernel-uek-firmware

2.6.39-400.294.2.el6uek

Связанные CVE

CVE-2013-7446
CVE-2016-8646
CVE-2016-4482
CVE-2015-1420
CVE-2016-4485

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2017-3515

oracle-oval
больше 8 лет назад

ELSA-2017-3515: Unbreakable Enterprise kernel security update (IMPORTANT)

oracle-oval логотип

ELSA-2017-3514

oracle-oval
больше 8 лет назад

ELSA-2017-3514: Unbreakable Enterprise kernel security update (IMPORTANT)

ubuntu логотип

CVE-2013-7446

CVSS3: 5.3
ubuntu
больше 9 лет назад

Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.

redhat логотип

CVE-2013-7446

redhat
почти 10 лет назад

Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.

nvd логотип

CVE-2013-7446

CVSS3: 5.3
nvd
больше 9 лет назад

Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.