ELSA-2019-4812

Опубликовано: 03 окт. 2019

Источник: oracle-oval

Платформа: Oracle Linux 5

Платформа: Oracle Linux 6

Описание

ELSA-2019-4812: Unbreakable Enterprise kernel security update (IMPORTANT)

[2.6.39-400.315.1]

loopback: off by one in tcm_loop_make_naa_tpg() (Dan Carpenter) [Orabug: 30254296] {CVE-2011-5327}
floppy: fix out-of-bounds read in copy_buffer (Denis Efremov) [Orabug: 30318221] {CVE-2019-14283}

Обновленные пакеты

Oracle Linux 5

Oracle Linux x86_64

kernel-uek

2.6.39-400.315.1.el5uek

kernel-uek-debug

2.6.39-400.315.1.el5uek

kernel-uek-debug-devel

2.6.39-400.315.1.el5uek

kernel-uek-devel

2.6.39-400.315.1.el5uek

kernel-uek-doc

2.6.39-400.315.1.el5uek

kernel-uek-firmware

2.6.39-400.315.1.el5uek

Oracle Linux i386

kernel-uek

2.6.39-400.315.1.el5uek

kernel-uek-debug

2.6.39-400.315.1.el5uek

kernel-uek-debug-devel

2.6.39-400.315.1.el5uek

kernel-uek-devel

2.6.39-400.315.1.el5uek

kernel-uek-doc

2.6.39-400.315.1.el5uek

kernel-uek-firmware

2.6.39-400.315.1.el5uek

Oracle Linux 6

Oracle Linux x86_64

kernel-uek

2.6.39-400.315.1.el6uek

kernel-uek-debug

2.6.39-400.315.1.el6uek

kernel-uek-debug-devel

2.6.39-400.315.1.el6uek

kernel-uek-devel

2.6.39-400.315.1.el6uek

kernel-uek-doc

2.6.39-400.315.1.el6uek

kernel-uek-firmware

2.6.39-400.315.1.el6uek

Oracle Linux i686

kernel-uek

2.6.39-400.315.1.el6uek

kernel-uek-debug

2.6.39-400.315.1.el6uek

kernel-uek-debug-devel

2.6.39-400.315.1.el6uek

kernel-uek-devel

2.6.39-400.315.1.el6uek

kernel-uek-doc

2.6.39-400.315.1.el6uek

kernel-uek-firmware

2.6.39-400.315.1.el6uek

Связанные CVE

CVE-2019-14283

CVE-2011-5327

Ссылки на источники

Связанные уязвимости

CVE-2011-5327

CVSS3: 9.8

ubuntu

почти 6 лет назад

In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption.

CVE-2011-5327

CVSS3: 5.5

redhat

почти 6 лет назад

In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption.

CVE-2011-5327

CVSS3: 9.8

nvd

почти 6 лет назад

In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption.

CVE-2011-5327

CVSS3: 9.8

debian

почти 6 лет назад

In the Linux kernel before 3.1, an off by one in the drivers/target/lo ...

CVE-2019-14283

CVSS3: 6.8

ubuntu

почти 6 лет назад

In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.