OVAL

ELSA-2013-2519 -- Oracle kernel-uek

ID: oval:org.secpod.oval:def:1500157
Date: (C) 2013-04-27 (M) 2024-02-19
Class: PATCH
Family: unix

An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The kernel-uek package is the main component of an operating system. This security update re-applies the fixes for the following issues:

CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.

CVE-2013-0349: The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call.

CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.

CVE-2013-1792: Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads.

CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.

CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.

CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option.

All users of kernel-uek are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Platform:
Oracle Linux 6
Product:
kernel-uek
Reference:
ELSA-2013-2519
CVE-2013-1797
CVE-2013-0349
CVE-2013-1774
CVE-2013-1792
CVE-2013-1798
CVE-2013-1796
CVE-2013-1767
CPE:
cpe:/o:oracle:linux:6
cpe:/o:oracle:kernel-uek

© SecPod Technologies