[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2016-3648 -- Oracle kernel-uek_dtrace-modules

ID: oval:org.secpod.oval:def:1501696Date: (C)2016-12-09   (M)2024-01-29
Class: PATCHFamily: unix




The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.

Platform:
Oracle Linux 6
Product:
kernel-uek
dtrace-modules 4.x
Reference:
ELSA-2016-3648
CVE-2016-8650
CVE-2016-9555
CVE    2
CVE-2016-8650
CVE-2016-9555
CPE    3
cpe:/a:dtrace-modules:dtrace-modules:4.x
cpe:/o:oracle:kernel-uek:4.x
cpe:/o:oracle:linux:6

© SecPod Technologies