ELSA-2017-3607

Published: 18 Aug 2017
Source: oracle-oval
Platform: Oracle Linux 5
Platform: Oracle Linux 6

Description

ELSA-2017-3607: Unbreakable Enterprise kernel security update (IMPORTANT)

[2.6.39-400.297.6]

  • l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586050] {CVE-2016-10200}
  • xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz Guzik) [Orabug: 26586024] {CVE-2016-9685}
  • KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26586002] {CVE-2016-9604}
  • ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578202] {CVE-2017-9242}

Updated packages

Oracle Linux 5

Oracle Linux x86_64

  • kernel-uek: 2.6.39-400.297.6.el5uek
  • kernel-uek-debug: 2.6.39-400.297.6.el5uek
  • kernel-uek-debug-devel: 2.6.39-400.297.6.el5uek
  • kernel-uek-devel: 2.6.39-400.297.6.el5uek
  • kernel-uek-doc: 2.6.39-400.297.6.el5uek
  • kernel-uek-firmware: 2.6.39-400.297.6.el5uek

Oracle Linux i386

  • kernel-uek: 2.6.39-400.297.6.el5uek
  • kernel-uek-debug: 2.6.39-400.297.6.el5uek
  • kernel-uek-debug-devel: 2.6.39-400.297.6.el5uek
  • kernel-uek-devel: 2.6.39-400.297.6.el5uek
  • kernel-uek-doc: 2.6.39-400.297.6.el5uek
  • kernel-uek-firmware: 2.6.39-400.297.6.el5uek

Oracle Linux 6

Oracle Linux x86_64

  • kernel-uek: 2.6.39-400.297.6.el6uek
  • kernel-uek-debug: 2.6.39-400.297.6.el6uek
  • kernel-uek-debug-devel: 2.6.39-400.297.6.el6uek
  • kernel-uek-devel: 2.6.39-400.297.6.el6uek
  • kernel-uek-doc: 2.6.39-400.297.6.el6uek
  • kernel-uek-firmware: 2.6.39-400.297.6.el6uek

Oracle Linux i686

  • kernel-uek: 2.6.39-400.297.6.el6uek
  • kernel-uek-debug: 2.6.39-400.297.6.el6uek
  • kernel-uek-debug-devel: 2.6.39-400.297.6.el6uek
  • kernel-uek-devel: 2.6.39-400.297.6.el6uek
  • kernel-uek-doc: 2.6.39-400.297.6.el6uek
  • kernel-uek-firmware: 2.6.39-400.297.6.el6uek

Related vulnerabilities

oracle-oval
almost 8 years ago

ELSA-2017-3606: Unbreakable Enterprise kernel security update (IMPORTANT)

oracle-oval
almost 8 years ago

ELSA-2017-3605: Unbreakable Enterprise kernel security update (IMPORTANT)

oracle-oval
almost 8 years ago

ELSA-2017-1842: kernel security, bug fix, and enhancement update (IMPORTANT)

oracle-oval
almost 8 years ago

ELSA-2017-1842-1: kernel security, bug fix, and enhancement update (IMPORTANT)

CVSS3: 4.4
ubuntu
almost 7 years ago

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.