Описание
ELSA-2023-13019: Unbreakable Enterprise kernel security update (IMPORTANT)
[4.1.12-124.81.2]
- rebuild bumping release
[4.1.12-124.81.1]
- netfilter: xt_sctp: validate the flag_info count (Wander Lairson Costa) [Orabug: 35923500] {CVE-2023-39193}
- USB: ene_usb6250: Allocate enough memory for full object (Kees Cook) [Orabug: 35924058] {CVE-2023-45862}
- netfilter: xt_u32: validate user space input (Wander Lairson Costa) [Orabug: 35923470] {CVE-2023-39192}
- net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35707466] {CVE-2023-4207}
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
kernel-uek
4.1.12-124.81.2.el6uek
kernel-uek-debug
4.1.12-124.81.2.el6uek
kernel-uek-debug-devel
4.1.12-124.81.2.el6uek
kernel-uek-devel
4.1.12-124.81.2.el6uek
kernel-uek-doc
4.1.12-124.81.2.el6uek
kernel-uek-firmware
4.1.12-124.81.2.el6uek
Oracle Linux 7
Oracle Linux x86_64
kernel-uek
4.1.12-124.81.2.el7uek
kernel-uek-debug
4.1.12-124.81.2.el7uek
kernel-uek-debug-devel
4.1.12-124.81.2.el7uek
kernel-uek-devel
4.1.12-124.81.2.el7uek
kernel-uek-doc
4.1.12-124.81.2.el7uek
kernel-uek-firmware
4.1.12-124.81.2.el7uek
Связанные уязвимости
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.