Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2018-4300

Опубликовано: 06 дек. 2018
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 7

Описание

ELSA-2018-4300: Unbreakable Enterprise kernel security update (IMPORTANT)

kernel-uek [3.8.13-118.28.1]

  • udf: Check component length before reading it (Jan Kara) [Orabug: 21193696] {CVE-2014-9728}
  • udf: Verify i_size when loading inode (Shan Hai) [Orabug: 21193696] {CVE-2014-9728}
  • intel_pstate: Fix overflow in busy_scaled due to long delay (mridula shastry) [Orabug: 28005134]
  • scsi: libsas: defer ata device eh commands to libata (Jason Yan) [Orabug: 28459689] {CVE-2018-10021}
  • nfsd: silence sparse warning about accessing credentials (Jeff Layton) [Orabug: 28824742] {CVE-2017-13168}
  • scsi: sg: mitigate read/write abuse (Jann Horn) [Orabug: 28824742] {CVE-2017-13168}
  • scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (Alexander Potapenko) [Orabug: 28892683] {CVE-2018-1000204}
  • ALSA: rawmidi: Change resized buffers atomically (Takashi Iwai) [Orabug: 28898650] {CVE-2018-10902}
  • KVM: MTRR: remove MSR 0x2f8 (Andy Honig) [Orabug: 28901657] {CVE-2016-3713} {CVE-2016-3713}
  • cdrom: fix improper type cast, which can leat to information leak. (Young_X) [Orabug: 28929777] {CVE-2018-16658} {CVE-2018-10940} {CVE-2018-18710}
  • floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (Andy Whitcroft) {CVE-2018-7755} {CVE-2018-7755}
  • crypto: salsa20 - fix blkcipher_walk API usage (Eric Biggers) [Orabug: 28976585] {CVE-2017-17805}
  • crypto: hmac - require that the underlying hash algorithm is unkeyed (Eric Biggers) [Orabug: 28976654] {CVE-2017-17806}

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

dtrace-modules-3.8.13-118.28.1.el6uek

0.4.5-3.el6

kernel-uek

3.8.13-118.28.1.el6uek

kernel-uek-debug

3.8.13-118.28.1.el6uek

kernel-uek-debug-devel

3.8.13-118.28.1.el6uek

kernel-uek-devel

3.8.13-118.28.1.el6uek

kernel-uek-doc

3.8.13-118.28.1.el6uek

kernel-uek-firmware

3.8.13-118.28.1.el6uek

Oracle Linux 7

Oracle Linux x86_64

dtrace-modules-3.8.13-118.28.1.el7uek

0.4.5-3.el7

kernel-uek

3.8.13-118.28.1.el7uek

kernel-uek-debug

3.8.13-118.28.1.el7uek

kernel-uek-debug-devel

3.8.13-118.28.1.el7uek

kernel-uek-devel

3.8.13-118.28.1.el7uek

kernel-uek-doc

3.8.13-118.28.1.el7uek

kernel-uek-firmware

3.8.13-118.28.1.el7uek

Связанные CVE

CVE-2014-9728
CVE-2016-3713
CVE-2017-13168
CVE-2017-17805
CVE-2017-17806
CVE-2018-1000204
CVE-2018-10021
CVE-2018-10902
CVE-2018-18710
CVE-2018-7755

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2019-4316

oracle-oval
около 7 лет назад

ELSA-2019-4316: Unbreakable Enterprise kernel security update (IMPORTANT)

oracle-oval логотип

ELSA-2018-4301

oracle-oval
больше 7 лет назад

ELSA-2018-4301: Unbreakable Enterprise kernel security update (IMPORTANT)

ubuntu логотип

CVE-2014-9728

ubuntu
больше 10 лет назад

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.

redhat логотип

CVE-2014-9728

redhat
больше 11 лет назад

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.

nvd логотип

CVE-2014-9728

nvd
больше 10 лет назад

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.