Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2018-4227

Опубликовано: 26 сент. 2018
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 7

Описание

ELSA-2018-4227: Unbreakable Enterprise kernel security update (IMPORTANT)

[4.1.12-124.19.5]

  • nsfs: mark dentry with DCACHE_RCUACCESS (Cong Wang) [Orabug: 28576290] {CVE-2018-5873}
  • dm crypt: add middle-endian variant of plain64 IV (Konrad Rzeszutek Wilk) [Orabug: 28604628]
  • IB/ipoib: Improve filtering log message (Yuval Shaia) [Orabug: 28655409]
  • IB/ipoib: Fix wrong update of arp_blocked counter (Yuval Shaia) [Orabug: 28655409]
  • IB/ipoib: Update RX counters after ACL filtering (Yuval Shaia) [Orabug: 28655409]
  • IB/ipoib: Filter RX packets before adding pseudo header (Yuval Shaia) [Orabug: 28655409]
  • cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664501] {CVE-2018-16658}
  • ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Seunghun Han) [Orabug: 28664577] {CVE-2017-13695}
  • uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor Erminpour) [Orabug: 28680213]

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

kernel-uek

4.1.12-124.19.5.el6uek

kernel-uek-debug

4.1.12-124.19.5.el6uek

kernel-uek-debug-devel

4.1.12-124.19.5.el6uek

kernel-uek-devel

4.1.12-124.19.5.el6uek

kernel-uek-doc

4.1.12-124.19.5.el6uek

kernel-uek-firmware

4.1.12-124.19.5.el6uek

Oracle Linux 7

Oracle Linux x86_64

kernel-uek

4.1.12-124.19.5.el7uek

kernel-uek-debug

4.1.12-124.19.5.el7uek

kernel-uek-debug-devel

4.1.12-124.19.5.el7uek

kernel-uek-devel

4.1.12-124.19.5.el7uek

kernel-uek-doc

4.1.12-124.19.5.el7uek

kernel-uek-firmware

4.1.12-124.19.5.el7uek

Связанные CVE

CVE-2017-13695
CVE-2018-16658
CVE-2018-5873

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2018-4245

oracle-oval
больше 6 лет назад

ELSA-2018-4245: Unbreakable Enterprise kernel security update (IMPORTANT)

oracle-oval логотип

ELSA-2018-4250

oracle-oval
больше 6 лет назад

ELSA-2018-4250: Unbreakable Enterprise kernel security update (IMPORTANT)

oracle-oval логотип

ELSA-2018-4246

oracle-oval
больше 6 лет назад

ELSA-2018-4246: Unbreakable Enterprise kernel security update (IMPORTANT)

oracle-oval логотип

ELSA-2018-4242

oracle-oval
больше 6 лет назад

ELSA-2018-4242: Unbreakable Enterprise kernel security update (IMPORTANT)

ubuntu логотип

CVE-2017-13695

CVSS3: 5.5
ubuntu
почти 8 лет назад

The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.