Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2019-4810

Опубликовано: 02 окт. 2019
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 7

Описание

ELSA-2019-4810: Unbreakable Enterprise kernel security update (IMPORTANT)

kernel-uek [3.8.13-118.39.1]

  • tcp: purge write queue in tcp_connect_init() (Eric Dumazet) [Orabug: 30240134] {CVE-2019-15239}
  • cx24116: fix a buffer overflow when checking userspace params (Mauro Carvalho Chehab) [Orabug: 30254282] {CVE-2015-9289}
  • floppy: fix out-of-bounds read in copy_buffer (Denis Efremov) [Orabug: 30318220] {CVE-2019-14283}
  • ext4: fix data corruption caused by unaligned direct AIO (Lukas Czerner) [Orabug: 30324140]

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

dtrace-modules-3.8.13-118.39.1.el6uek

0.4.5-3.el6

kernel-uek

3.8.13-118.39.1.el6uek

kernel-uek-debug

3.8.13-118.39.1.el6uek

kernel-uek-debug-devel

3.8.13-118.39.1.el6uek

kernel-uek-devel

3.8.13-118.39.1.el6uek

kernel-uek-doc

3.8.13-118.39.1.el6uek

kernel-uek-firmware

3.8.13-118.39.1.el6uek

Oracle Linux 7

Oracle Linux x86_64

dtrace-modules-3.8.13-118.39.1.el7uek

0.4.5-3.el7

kernel-uek

3.8.13-118.39.1.el7uek

kernel-uek-debug

3.8.13-118.39.1.el7uek

kernel-uek-debug-devel

3.8.13-118.39.1.el7uek

kernel-uek-devel

3.8.13-118.39.1.el7uek

kernel-uek-doc

3.8.13-118.39.1.el7uek

kernel-uek-firmware

3.8.13-118.39.1.el7uek

Связанные CVE

CVE-2019-14283
CVE-2015-9289
CVE-2019-15239

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2019-4808

oracle-oval
больше 5 лет назад

ELSA-2019-4808: Unbreakable Enterprise kernel security update (IMPORTANT)

suse-cvrf логотип

SUSE-SU-2019:14157-1

suse-cvrf
почти 6 лет назад

Security update for the Linux Kernel

ubuntu логотип

CVE-2019-14283

CVSS3: 6.8
ubuntu
почти 6 лет назад

In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.

redhat логотип

CVE-2019-14283

CVSS3: 5.6
redhat
почти 6 лет назад

In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.

nvd логотип

CVE-2019-14283

CVSS3: 6.8
nvd
почти 6 лет назад

In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.