Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2020-4685

Опубликовано: 13 нояб. 2020
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2020-4685: kernel security update (IMPORTANT)

[4.18.0-240.1.1_3.OL8]

  • Oracle Linux certificates (Kevin Lyons)
  • Disable signing for aarch64 (Ilya Okomin)
  • Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
  • Update x509.genkey [Orabug: 24817676]
  • Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7

[4.18.0-240.1.1_3]

  • [net] Bluetooth: fix kernel oops in store_pending_adv_report (Gopal Tiwari) [1888454 1888455] {CVE-2020-24490}
  • [net] Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel (Gopal Tiwari) [1888257 1888258] {CVE-2020-12351}
  • [net] Bluetooth: A2MP: Fix not initializing all members (Gopal Tiwari) [1888806 1888807] {CVE-2020-12352}

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

bpftool

4.18.0-240.1.1.el8_3

kernel-cross-headers

4.18.0-240.1.1.el8_3

kernel-tools

4.18.0-240.1.1.el8_3

kernel-tools-libs

4.18.0-240.1.1.el8_3

kernel-tools-libs-devel

4.18.0-240.1.1.el8_3

perf

4.18.0-240.1.1.el8_3

python3-perf

4.18.0-240.1.1.el8_3

Oracle Linux x86_64

bpftool

4.18.0-240.1.1.el8_3

kernel

4.18.0-240.1.1.el8_3

kernel-abi-whitelists

4.18.0-240.1.1.el8_3

kernel-core

4.18.0-240.1.1.el8_3

kernel-cross-headers

4.18.0-240.1.1.el8_3

kernel-debug

4.18.0-240.1.1.el8_3

kernel-debug-core

4.18.0-240.1.1.el8_3

kernel-debug-devel

4.18.0-240.1.1.el8_3

kernel-debug-modules

4.18.0-240.1.1.el8_3

kernel-debug-modules-extra

4.18.0-240.1.1.el8_3

kernel-devel

4.18.0-240.1.1.el8_3

kernel-doc

4.18.0-240.1.1.el8_3

kernel-headers

4.18.0-240.1.1.el8_3

kernel-modules

4.18.0-240.1.1.el8_3

kernel-modules-extra

4.18.0-240.1.1.el8_3

kernel-tools

4.18.0-240.1.1.el8_3

kernel-tools-libs

4.18.0-240.1.1.el8_3

kernel-tools-libs-devel

4.18.0-240.1.1.el8_3

perf

4.18.0-240.1.1.el8_3

python3-perf

4.18.0-240.1.1.el8_3

Связанные CVE

CVE-2020-24490
CVE-2020-25662
CVE-2020-25661

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2020-24490

CVSS3: 6.5
ubuntu
около 5 лет назад

Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.

redhat логотип

CVE-2020-24490

CVSS3: 7.1
redhat
больше 5 лет назад

Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.

nvd логотип

CVE-2020-24490

CVSS3: 6.5
nvd
около 5 лет назад

Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.

debian логотип

CVE-2020-24490

CVSS3: 6.5
debian
около 5 лет назад

Improper buffer restrictions in BlueZ may allow an unauthenticated use ...

fstec логотип

BDU:2020-04799

CVSS3: 6.5
fstec
больше 5 лет назад

Уязвимость компонента net/bluetooth/hci_event.c ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании