OVAL

ELSA-2013-2503 -- Oracle kernel-uek

ID: oval:org.secpod.oval:def:1500093
Date: (C)2013-03-20   (M)2024-02-19
Class: PATCH
Family: unix




An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The kernel-uek is the main component of an operating system. This security update re-applies the fix for these issues:

CVE-2012-4398: A deadlock could occur in the Out of Memory (OOM) killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service.

CVE-2012-4461: On machines without XSAVE instruction support, a malicious guest can cause a host kernel panic via the SET_SREGS ioctl.

CVE-2012-4530: Execution of a carefully crafted sequence of scripts could allow an unprivileged user to leak kernel stack information to userspace.

CVE-2013-0190: A malicious guest can cause a memory leak in the host networking stack by sending malformed requests to the Xen backend driver, leading to a kernel panic.

All users of kernel-uek are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Platform:
Oracle Linux 6
Product:
kernel-uek
Reference:
ELSA-2013-2503
CVE-2012-4530
CVE-2013-0216
CVE-2013-0190
CVE-2013-0231
CVE-2012-4461
CVE-2013-0217
CVE-2012-4398
CPE    2
cpe:/o:oracle:linux:6
cpe:/o:oracle:kernel-uek

© SecPod Technologies