Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2019-4645

Опубликовано: 15 мая 2019
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 5

Описание

ELSA-2019-4645: Unbreakable Enterprise kernel security update (IMPORTANT)

[2.6.39-400.311.1]

  • USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (Hui Peng) {CVE-2018-19985} {CVE-2018-19985}
  • binfmt_elf: switch to new creds when switching to new mm (Linus Torvalds) [Orabug: 29677235] {CVE-2019-11190}

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

kernel-uek

2.6.39-400.311.1.el6uek

kernel-uek-debug

2.6.39-400.311.1.el6uek

kernel-uek-debug-devel

2.6.39-400.311.1.el6uek

kernel-uek-devel

2.6.39-400.311.1.el6uek

kernel-uek-doc

2.6.39-400.311.1.el6uek

kernel-uek-firmware

2.6.39-400.311.1.el6uek

Oracle Linux i686

kernel-uek

2.6.39-400.311.1.el6uek

kernel-uek-debug

2.6.39-400.311.1.el6uek

kernel-uek-debug-devel

2.6.39-400.311.1.el6uek

kernel-uek-devel

2.6.39-400.311.1.el6uek

kernel-uek-doc

2.6.39-400.311.1.el6uek

kernel-uek-firmware

2.6.39-400.311.1.el6uek

Oracle Linux 5

Oracle Linux x86_64

kernel-uek

2.6.39-400.311.1.el5uek

kernel-uek-debug

2.6.39-400.311.1.el5uek

kernel-uek-debug-devel

2.6.39-400.311.1.el5uek

kernel-uek-devel

2.6.39-400.311.1.el5uek

kernel-uek-doc

2.6.39-400.311.1.el5uek

kernel-uek-firmware

2.6.39-400.311.1.el5uek

Oracle Linux i386

kernel-uek

2.6.39-400.311.1.el5uek

kernel-uek-debug

2.6.39-400.311.1.el5uek

kernel-uek-debug-devel

2.6.39-400.311.1.el5uek

kernel-uek-devel

2.6.39-400.311.1.el5uek

kernel-uek-doc

2.6.39-400.311.1.el5uek

kernel-uek-firmware

2.6.39-400.311.1.el5uek

Связанные CVE

CVE-2018-19985
CVE-2019-11190

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2019-4646

oracle-oval
около 6 лет назад

ELSA-2019-4646: Unbreakable Enterprise kernel security update (IMPORTANT)

oracle-oval логотип

ELSA-2019-4642

oracle-oval
около 6 лет назад

ELSA-2019-4642: Unbreakable Enterprise kernel security update (IMPORTANT)

oracle-oval логотип

ELSA-2019-4644

oracle-oval
около 6 лет назад

ELSA-2019-4644: Unbreakable Enterprise kernel security update (IMPORTANT)

ubuntu логотип

CVE-2019-11190

CVSS3: 4.7
ubuntu
около 6 лет назад

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.

redhat логотип

CVE-2019-11190

CVSS3: 3.3
redhat
около 6 лет назад

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.