ELSA-2013-2504 -- Oracle kernel-uek, ofa and mlnx_enID: oval:org.secpod.oval:def:1500094 | Date: (C)2013-03-20 (M)2023-12-07 |
Class: PATCH | Family: unix |
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link inthe References section. The kernel-uek is main component of an operating system. This security update re-applies the fix for CVE-2012-4530 issue, Execution of a carefully crafted sequence of scripts could allow an unprivileged user to leak kernel stack information to userspace. CVE-2013-0190 issue, Incorrect manipulation of the stack pointer in the error path for iret failure with a 32-bit paravirtualized guest could result in stack corruption. This could be triggered by an unprivileged user in the guest to cause a denial-of-service. All users of kernel-uek are advised to upgrade to these updated packages, which contain back ported patches to correct these issues.
Product: |
kernel-uek |
ofa |
mlnx_en |