Описание
ELSA-2017-3522: Unbreakable Enterprise kernel security update (IMPORTANT)
[2.6.39-400.294.3]
- dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598277] {CVE-2017-6074}
Обновленные пакеты
Oracle Linux 5
Oracle Linux x86_64
kernel-uek
2.6.39-400.294.3.el5uek
kernel-uek-debug
2.6.39-400.294.3.el5uek
kernel-uek-debug-devel
2.6.39-400.294.3.el5uek
kernel-uek-devel
2.6.39-400.294.3.el5uek
kernel-uek-doc
2.6.39-400.294.3.el5uek
kernel-uek-firmware
2.6.39-400.294.3.el5uek
Oracle Linux i386
kernel-uek
2.6.39-400.294.3.el5uek
kernel-uek-debug
2.6.39-400.294.3.el5uek
kernel-uek-debug-devel
2.6.39-400.294.3.el5uek
kernel-uek-devel
2.6.39-400.294.3.el5uek
kernel-uek-doc
2.6.39-400.294.3.el5uek
kernel-uek-firmware
2.6.39-400.294.3.el5uek
Oracle Linux 6
Oracle Linux x86_64
kernel-uek
2.6.39-400.294.3.el6uek
kernel-uek-debug
2.6.39-400.294.3.el6uek
kernel-uek-debug-devel
2.6.39-400.294.3.el6uek
kernel-uek-devel
2.6.39-400.294.3.el6uek
kernel-uek-doc
2.6.39-400.294.3.el6uek
kernel-uek-firmware
2.6.39-400.294.3.el6uek
Oracle Linux i686
kernel-uek
2.6.39-400.294.3.el6uek
kernel-uek-debug
2.6.39-400.294.3.el6uek
kernel-uek-debug-devel
2.6.39-400.294.3.el6uek
kernel-uek-devel
2.6.39-400.294.3.el6uek
kernel-uek-doc
2.6.39-400.294.3.el6uek
kernel-uek-firmware
2.6.39-400.294.3.el6uek
Связанные CVE
Связанные уязвимости
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
The dccp_rcv_state_process function in net/dccp/input.c in the Linux k ...
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.