Описание
ELSA-2020-1524: kernel security update (IMPORTANT)
[2.6.32-754.29.1.OL6]
- Update genkey [bug 25599697]
[2.6.32-754.29.1]
- [wireless] rtlwifi: Fix potential overflow on P2P code (Jarod Wilson) [1775226] {CVE-2019-17666}
- [x86] mm: revert x86_64 and arm64 ELF_ET_DYN_BASE base changes (Denys Vlasenko) [1485759]
- [powerpc] powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB (Denys Vlasenko) [1485759]
- binfmt_elf: use ELF_ET_DYN_BASE only for PIE (Denys Vlasenko) [1485759]
- [powerpc] powerpc: Use generic PIE randomization (Denys Vlasenko) [1485759]
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
kernel
2.6.32-754.29.1.el6
kernel-abi-whitelists
2.6.32-754.29.1.el6
kernel-debug
2.6.32-754.29.1.el6
kernel-debug-devel
2.6.32-754.29.1.el6
kernel-devel
2.6.32-754.29.1.el6
kernel-doc
2.6.32-754.29.1.el6
kernel-firmware
2.6.32-754.29.1.el6
kernel-headers
2.6.32-754.29.1.el6
perf
2.6.32-754.29.1.el6
python-perf
2.6.32-754.29.1.el6
Oracle Linux i686
kernel
2.6.32-754.29.1.el6
kernel-abi-whitelists
2.6.32-754.29.1.el6
kernel-debug
2.6.32-754.29.1.el6
kernel-debug-devel
2.6.32-754.29.1.el6
kernel-devel
2.6.32-754.29.1.el6
kernel-doc
2.6.32-754.29.1.el6
kernel-firmware
2.6.32-754.29.1.el6
kernel-headers
2.6.32-754.29.1.el6
perf
2.6.32-754.29.1.el6
python-perf
2.6.32-754.29.1.el6
Связанные CVE
Связанные уязвимости
The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.11.5. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365. This issue appears to be limited to i386 based systems.
The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.11.5. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365. This issue appears to be limited to i386 based systems.
The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.11.5. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365. This issue appears to be limited to i386 based systems.
The offset2lib patch as used by the Linux Kernel contains a vulnerabil ...
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.