Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2019-4532

Опубликовано: 06 фев. 2019
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 7

Описание

ELSA-2019-4532: Unbreakable Enterprise kernel security update (IMPORTANT)

kernel-uek [3.8.13-118.30.1]

  • ext4: validate that metadata blocks do not overlap superblock (Theodore Ts'o) [Orabug: 28220451] {CVE-2018-1094}
  • ext4: always initialize the crc32c checksum driver (Theodore Ts'o) [Orabug: 28220451] {CVE-2018-1094} {CVE-2018-1094}
  • vfs: Add sb_rdonly(sb) to query the MS_RDONLY flag on s_flags (David Howells) [Orabug: 28220451] {CVE-2018-1094}
  • ocfs2: should wait dio before inode lock in ocfs2_setattr() (alex chen) [Orabug: 28852830] {CVE-2017-18204}
  • Make file credentials available to the seqfile interfaces (Linus Torvalds) [Orabug: 29114878] {CVE-2018-17972}
  • proc: restrict kernel stack dumps to root (Jann Horn) [Orabug: 29114878] {CVE-2018-17972}
  • btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (Qu Wenruo) [Orabug: 29301105] {CVE-2018-14609}

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

dtrace-modules-3.8.13-118.30.1.el6uek

0.4.5-3.el6

kernel-uek

3.8.13-118.30.1.el6uek

kernel-uek-debug

3.8.13-118.30.1.el6uek

kernel-uek-debug-devel

3.8.13-118.30.1.el6uek

kernel-uek-devel

3.8.13-118.30.1.el6uek

kernel-uek-doc

3.8.13-118.30.1.el6uek

kernel-uek-firmware

3.8.13-118.30.1.el6uek

Oracle Linux 7

Oracle Linux x86_64

dtrace-modules-3.8.13-118.30.1.el7uek

0.4.5-3.el7

kernel-uek

3.8.13-118.30.1.el7uek

kernel-uek-debug

3.8.13-118.30.1.el7uek

kernel-uek-debug-devel

3.8.13-118.30.1.el7uek

kernel-uek-devel

3.8.13-118.30.1.el7uek

kernel-uek-doc

3.8.13-118.30.1.el7uek

kernel-uek-firmware

3.8.13-118.30.1.el7uek

Связанные CVE

CVE-2018-1094
CVE-2018-17972
CVE-2018-14609
CVE-2017-18204

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2019-4533

oracle-oval
больше 6 лет назад

ELSA-2019-4533: Unbreakable Enterprise kernel security update (IMPORTANT)

ubuntu логотип

CVE-2018-1094

CVSS3: 5.5
ubuntu
около 7 лет назад

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.

redhat логотип

CVE-2018-1094

CVSS3: 4.6
redhat
около 7 лет назад

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.

nvd логотип

CVE-2018-1094

CVSS3: 5.5
nvd
около 7 лет назад

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.

debian логотип

CVE-2018-1094

CVSS3: 5.5
debian
около 7 лет назад

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel th ...