ELSA-2019-4823

Published: 16 Oct 2019
Source: oracle-oval
Platform: Oracle Linux 6
Platform: Oracle Linux 7

Description

ELSA-2019-4823: Unbreakable Enterprise kernel security update (IMPORTANT)

[4.1.12-124.32.3]

  • scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (Hannes Reinecke) [Orabug: 26941755] {CVE-2017-14991}
  • failover: allow name change on IFF_UP slave interfaces (Si-Wei Liu) [Orabug: 29707258]
  • Revert 'net_failover: delay taking over primary device to accommodate udevd renaming' (Si-Wei Liu) [Orabug: 29707258]
  • build: Revert 'repairing out-of-tree build functionality' (Todd Vierling) [Orabug: 30257829]
  • rds: add ibmr to busy_list in flush code path (Manjunath Patil)
  • rds: fix uninteneded increase of rds_rdma:pool->max_items_soft (Manjunath Patil)

[4.1.12-124.32.2]

  • ext4: fix data exposure after a crash (Jan Kara) [Orabug: 30361860] {CVE-2017-7495}

Updated packages

Oracle Linux 6

Oracle Linux x86_64

  • kernel-uek: 4.1.12-124.32.3.el6uek
  • kernel-uek-debug: 4.1.12-124.32.3.el6uek
  • kernel-uek-debug-devel: 4.1.12-124.32.3.el6uek
  • kernel-uek-devel: 4.1.12-124.32.3.el6uek
  • kernel-uek-doc: 4.1.12-124.32.3.el6uek
  • kernel-uek-firmware: 4.1.12-124.32.3.el6uek

Oracle Linux 7

Oracle Linux x86_64

  • kernel-uek: 4.1.12-124.32.3.el7uek
  • kernel-uek-debug: 4.1.12-124.32.3.el7uek
  • kernel-uek-debug-devel: 4.1.12-124.32.3.el7uek
  • kernel-uek-devel: 4.1.12-124.32.3.el7uek
  • kernel-uek-doc: 4.1.12-124.32.3.el7uek
  • kernel-uek-firmware: 4.1.12-124.32.3.el7uek

Related CVEs

Related vulnerabilities

CVSS3: 5.5
ubuntu
about 8 years ago

fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file.

CVSS3: 6.2
redhat
about 8 years ago

fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file.

CVSS3: 5.5
nvd
about 8 years ago

fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file.

CVSS3: 5.5
debian
about 8 years ago

fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=order ...

CVSS3: 5.5
ubuntu
almost 8 years ago

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.