OVAL

ELSA-2013-2513 -- Oracle kernel-uek

ID: oval:org.secpod.oval:def:1500144
Date: (C)2013-04-17   (M)2024-02-19
Class: PATCH
Family: unix




An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section.

kernel-uek is the main component of an operating system.

This security update re-applies the fix for CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.

CVE-2013-0913: Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition.

CVE-2013-1773: Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.

CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.

All users of kernel-uek are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Platform:
Oracle Linux 6
Product:
kernel-uek
Reference:
ELSA-2013-2513
CVE-2013-0913
CVE-2013-1773
CVE-2013-0871
CVE (3):
CVE-2013-1773
CVE-2013-0871
CVE-2013-0913
CPE (2):
cpe:/o:oracle:linux:6
cpe:/o:oracle:kernel-uek

© SecPod Technologies