Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2018-4268

Опубликовано: 08 нояб. 2018
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 7

Описание

ELSA-2018-4268: Unbreakable Enterprise kernel security update (IMPORTANT)

kernel-uek [3.8.13-118.26.1]

  • netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric Dumazet) [Orabug: 27896807] {CVE-2017-18017}
  • scsi: libsas: fix memory leak in sas_smp_get_phy_events() (Jason Yan) [Orabug: 27927692] {CVE-2018-7757}

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

dtrace-modules-3.8.13-118.26.1.el6uek

0.4.5-3.el6

kernel-uek

3.8.13-118.26.1.el6uek

kernel-uek-debug

3.8.13-118.26.1.el6uek

kernel-uek-debug-devel

3.8.13-118.26.1.el6uek

kernel-uek-devel

3.8.13-118.26.1.el6uek

kernel-uek-doc

3.8.13-118.26.1.el6uek

kernel-uek-firmware

3.8.13-118.26.1.el6uek

Oracle Linux 7

Oracle Linux x86_64

dtrace-modules-3.8.13-118.26.1.el7uek

0.4.5-3.el7

kernel-uek

3.8.13-118.26.1.el7uek

kernel-uek-debug

3.8.13-118.26.1.el7uek

kernel-uek-debug-devel

3.8.13-118.26.1.el7uek

kernel-uek-devel

3.8.13-118.26.1.el7uek

kernel-uek-doc

3.8.13-118.26.1.el7uek

kernel-uek-firmware

3.8.13-118.26.1.el7uek

Связанные CVE

CVE-2017-18017
CVE-2018-7757

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2017-18017

CVSS3: 9.8
ubuntu
больше 7 лет назад

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

redhat логотип

CVE-2017-18017

CVSS3: 6.5
redhat
больше 7 лет назад

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

nvd логотип

CVE-2017-18017

CVSS3: 9.8
nvd
больше 7 лет назад

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

debian логотип

CVE-2017-18017

CVSS3: 9.8
debian
больше 7 лет назад

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the ...

ubuntu логотип

CVE-2018-7757

CVSS3: 5.5
ubuntu
больше 7 лет назад

Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.