Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2019-2829

Опубликовано: 20 сент. 2019
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2019-2829: kernel security update (IMPORTANT)

[3.10.0-1062.1.2.OL7]

  • Oracle Linux certificates (Alexey Petrenko)
  • Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
  • Update x509.genkey [Orabug: 24817676]

[3.10.0-1062.1.2]

  • [vhost] vhost: make sure log_num < in_num (Eugenio Perez) [1750879 1750880] {CVE-2019-14835}

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

bpftool

3.10.0-1062.1.2.el7

kernel

3.10.0-1062.1.2.el7

kernel-abi-whitelists

3.10.0-1062.1.2.el7

kernel-debug

3.10.0-1062.1.2.el7

kernel-debug-devel

3.10.0-1062.1.2.el7

kernel-devel

3.10.0-1062.1.2.el7

kernel-doc

3.10.0-1062.1.2.el7

kernel-headers

3.10.0-1062.1.2.el7

kernel-tools

3.10.0-1062.1.2.el7

kernel-tools-libs

3.10.0-1062.1.2.el7

kernel-tools-libs-devel

3.10.0-1062.1.2.el7

perf

3.10.0-1062.1.2.el7

python-perf

3.10.0-1062.1.2.el7

Связанные CVE

CVE-2019-14835

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2019-14835

CVSS3: 7.8
ubuntu
почти 6 лет назад

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.

redhat логотип

CVE-2019-14835

CVSS3: 7.2
redhat
почти 6 лет назад

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.

nvd логотип

CVE-2019-14835

CVSS3: 7.8
nvd
почти 6 лет назад

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.

debian логотип

CVE-2019-14835

CVSS3: 7.8
debian
почти 6 лет назад

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in ...

suse-cvrf логотип

SUSE-SU-2019:2613-1

suse-cvrf
больше 5 лет назад

Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2)