Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2017-3633

Опубликовано: 24 окт. 2017
Источник: oracle-oval
Платформа: Oracle Linux 5
Платформа: Oracle Linux 6

Описание

ELSA-2017-3633: Unbreakable Enterprise kernel security update (IMPORTANT)

[2.6.39-400.297.11]

  • mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643562] {CVE-2017-11176}
  • ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011278] {CVE-2017-7542}
  • packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 27002453] {CVE-2017-1000111}

[2.6.39-400.297.10]

  • mlx4_core: calculate log_mtt based on total system memory (Wei Lin Guay) [Orabug: 26867355]
  • xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26867355]

Обновленные пакеты

Oracle Linux 5

Oracle Linux x86_64

kernel-uek

2.6.39-400.297.11.el5uek

kernel-uek-debug

2.6.39-400.297.11.el5uek

kernel-uek-debug-devel

2.6.39-400.297.11.el5uek

kernel-uek-devel

2.6.39-400.297.11.el5uek

kernel-uek-doc

2.6.39-400.297.11.el5uek

kernel-uek-firmware

2.6.39-400.297.11.el5uek

Oracle Linux i386

kernel-uek

2.6.39-400.297.11.el5uek

kernel-uek-debug

2.6.39-400.297.11.el5uek

kernel-uek-debug-devel

2.6.39-400.297.11.el5uek

kernel-uek-devel

2.6.39-400.297.11.el5uek

kernel-uek-doc

2.6.39-400.297.11.el5uek

kernel-uek-firmware

2.6.39-400.297.11.el5uek

Oracle Linux 6

Oracle Linux x86_64

kernel-uek

2.6.39-400.297.11.el6uek

kernel-uek-debug

2.6.39-400.297.11.el6uek

kernel-uek-debug-devel

2.6.39-400.297.11.el6uek

kernel-uek-devel

2.6.39-400.297.11.el6uek

kernel-uek-doc

2.6.39-400.297.11.el6uek

kernel-uek-firmware

2.6.39-400.297.11.el6uek

Oracle Linux i686

kernel-uek

2.6.39-400.297.11.el6uek

kernel-uek-debug

2.6.39-400.297.11.el6uek

kernel-uek-debug-devel

2.6.39-400.297.11.el6uek

kernel-uek-devel

2.6.39-400.297.11.el6uek

kernel-uek-doc

2.6.39-400.297.11.el6uek

kernel-uek-firmware

2.6.39-400.297.11.el6uek

Связанные CVE

CVE-2017-11176
CVE-2017-1000111
CVE-2017-7542

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2017-3632

oracle-oval
больше 7 лет назад

ELSA-2017-3632: Unbreakable Enterprise kernel security update (IMPORTANT)

oracle-oval логотип

ELSA-2017-2930

oracle-oval
больше 7 лет назад

ELSA-2017-2930: kernel security and bug fix update (IMPORTANT)

oracle-oval логотип

ELSA-2017-2930-1

oracle-oval
больше 7 лет назад

ELSA-2017-2930-1: kernel security and bug fix update (IMPORTANT)

oracle-oval логотип

ELSA-2018-0169

oracle-oval
больше 7 лет назад

ELSA-2018-0169: kernel security and bug fix update (IMPORTANT)

ubuntu логотип

CVE-2017-11176

CVSS3: 7.8
ubuntu
почти 8 лет назад

The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.