Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2017-3589

Опубликовано: 30 июн. 2017
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 7

Описание

ELSA-2017-3589: Unbreakable Enterprise kernel security update (IMPORTANT)

kernel-uek [4.1.12-94.3.8]

  • macsec: dynamically allocate space for sglist (Jason A. Donenfeld) [Orabug: 26368162] {CVE-2017-7477}
  • macsec: avoid heap overflow in skb_to_sgvec (Jason A. Donenfeld) [Orabug: 26368162] {CVE-2017-7477}
  • nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366988] {CVE-2017-7645}

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

dtrace-modules-4.1.12-94.3.8.el6uek

0.6.0-4.el6

kernel-uek

4.1.12-94.3.8.el6uek

kernel-uek-debug

4.1.12-94.3.8.el6uek

kernel-uek-debug-devel

4.1.12-94.3.8.el6uek

kernel-uek-devel

4.1.12-94.3.8.el6uek

kernel-uek-doc

4.1.12-94.3.8.el6uek

kernel-uek-firmware

4.1.12-94.3.8.el6uek

Oracle Linux 7

Oracle Linux x86_64

dtrace-modules-4.1.12-94.3.8.el7uek

0.6.0-4.el7

kernel-uek

4.1.12-94.3.8.el7uek

kernel-uek-debug

4.1.12-94.3.8.el7uek

kernel-uek-debug-devel

4.1.12-94.3.8.el7uek

kernel-uek-devel

4.1.12-94.3.8.el7uek

kernel-uek-doc

4.1.12-94.3.8.el7uek

kernel-uek-firmware

4.1.12-94.3.8.el7uek

Связанные CVE

CVE-2017-7477
CVE-2017-7645

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2017-1615

oracle-oval
почти 8 лет назад

ELSA-2017-1615: kernel security and bug fix update (IMPORTANT)

oracle-oval логотип

ELSA-2017-1615-1

oracle-oval
почти 8 лет назад

ELSA-2017-1615-1: kernel security and bug fix update (IMPORTANT)

ubuntu логотип

CVE-2017-7477

CVSS3: 7
ubuntu
около 8 лет назад

Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function.

redhat логотип

CVE-2017-7477

CVSS3: 8.1
redhat
около 8 лет назад

Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function.

nvd логотип

CVE-2017-7477

CVSS3: 7
nvd
около 8 лет назад

Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function.