OVAL

ELSA-2013-1645 -- Oracle kernel, perf, python-perf

ID: oval:org.secpod.oval:def:1500321
Date: (C)2013-12-17   (M)2017-09-22
Class: PATCH
Family: unix




Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the fifth regular update.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

* A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled, an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure.

* A flaw was found in the way the Linux kernel handled HID reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.

* An off-by-one flaw was found in the way the ANSI CPRNG implementation in the Linux kernel processed non-block size aligned requests. This could lead to random numbers being generated with fewer bits of entropy than expected when ANSI CPRNG was used.

* It was found that the fix for CVE-2012-2375 released via RHSA-2012:1580 accidentally removed a check for small-sized result buffers. A local, unprivileged user with access to an NFSv4 mount with ACL support could use this flaw to crash the system or, potentially, escalate their privileges on the system.

* A flaw was found in the way IOMMU memory mappings were handled when moving memory slots. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host.

* Heap-based buffer overflow flaws were found in the way the Zeroplus and Pantherlord/GreenAsia game controllers handled HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system.

* Two information leak flaws were found in the logical link control implementation in the Linux kernel. A local, unprivileged user could use these flaws to leak kernel stack memory to user space.

* A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the vital product data of devices could allow an attacker with physical access to a system to cause a denial of service or, potentially, escalate their privileges.

* Information leak flaws in the Linux kernel could allow a privileged, local user to leak kernel memory to user space.

* A format string flaw was found in the Linux kernel's block layer. A privileged, local user could potentially use this flaw to escalate their privileges to kernel level.

Red Hat would like to thank Stephan Mueller for reporting CVE-2013-4345, and Kees Cook for reporting CVE-2013-2851.

This update also fixes several hundred bugs and adds enhancements. Refer to the Red Hat Enterprise Linux 6.5 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References.

All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.5 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.

Platform:
Oracle Linux 6
Product:
kernel
perf
python-perf
Reference:
ELSA-2013-1645
CVE-2013-4387
CVE-2013-1928
CVE-2013-4299
CVE-2013-2892
CVE-2013-2889
CVE-2013-4345
CVE-2012-6545
CVE-2013-2888
CVE-2013-0343
CVE-2013-2851
CVE-2013-4162
CVE-2013-1943
CVE-2012-6544
CVE-2013-2234
CVE-2013-2237
CVE-2013-2232
CVE-2013-2224
CVE-2013-2146
CVE-2013-2206
CVE-2013-2164
CVE-2013-1935
CVE-2013-2852
CVE-2013-2634
CVE-2013-2635
CVE-2013-3231
CVE-2013-2128
CVE-2013-3225
CVE-2013-3224
CVE-2013-2094
CVE-2012-6548
CVE-2013-3301
CVE-2013-3222
CVE-2013-2017
CVE-2013-1796
CVE-2013-1848
CVE-2013-0914
CVE-2013-0913
CVE-2013-1797
CVE-2013-1798
CVE-2013-1792
CVE-2012-6537
CVE-2012-6546
CVE-2013-1773
CVE-2012-6547
CVE-2012-6542
CVE-2013-1774
CVE-2013-0349
CVE-2013-1826
CVE-2013-1827
CVE-2013-1767
CVE-2013-0871
CVE-2013-0268
CVE-2013-0228
CVE-2013-0190
CVE-2012-4542
CVE-2012-4461
CVE-2012-4530
CVE-2012-4398
CVE-2012-4508
CVE-2012-4565
CVE-2012-2375
CVE-2012-2100
CVE-2012-2133
CVE-2012-1568
CVE-2012-3511
CVE-2012-3412
CVE-2012-3400
CVE-2012-3430
CVE-2012-2390
CVE-2012-2313
CVE-2012-2384
CVE-2012-2383
CVE-2011-1078
CVE-2012-2744
CVE-2012-2745
CVE-2012-2123
CVE-2012-2372
CVE-2012-2136
CVE-2012-2137
CVE-2012-1179
CVE-2012-2119
CVE-2012-2121
CVE-2012-1601
CVE-2011-1083
CVE-2011-4086
CVE-2011-4127
CVE-2012-1097
CVE-2012-0879
CVE-2012-0056
CVE-2012-0207
CVE-2012-0045
CVE-2011-4081
CVE-2011-4594
CVE-2011-4110
CVE-2011-3347
CVE-2011-4098
CVE-2011-3593
CVE-2011-4097
CVE-2011-3638
CVE-2011-3637
CVE-2011-2494
CVE-2011-2942
CVE-2011-3363
CVE-2011-1161
CVE-2011-1162
CVE-2011-1020
CVE-2011-3359
CVE-2011-3353
CVE-2011-3191
CVE-2011-2905
CVE-2011-1577
CVE-2011-2521
CVE-2011-3188
CVE-2011-2699
CVE-2011-1833
CVE-2011-1160
CVE-2011-2693
CVE-2011-2496
CVE-2011-1745
CVE-2011-2022
CVE-2011-1746
CVE-2011-2484
CVE-2011-2517
CVE-2011-2492
CVE-2011-2213
CVE-2011-2495
CVE-2011-1776
CVE-2011-2695
CVE-2011-1898
CVE-2011-1593
CVE-2011-2497
CVE-2011-1576
CVE-2011-1767
CVE-2011-1768
CVE-2011-1770
CVE-2011-1771
CVE-2011-1598
CVE-2011-1748
CVE-2010-3858
CVE-2011-1182
CVE-2010-4251
CVE-2011-1494
CVE-2011-1495
CVE-2011-1082
CVE-2011-1090
CVE-2011-1010
CVE-2011-1163
CVE-2011-1573
CVE-2010-4565
CVE-2010-4250
CVE-2011-1581
CVE-2010-3079
CVE-2011-1172
CVE-2011-1171
CVE-2011-1170
CVE-2011-1016
CVE-2011-1080
CVE-2011-1013
CVE-2011-1079
CVE-2011-1019
CVE-2010-4258
CVE-2011-0711
CVE-2011-0726
CVE-2011-1093
CVE-2011-0006
CVE-2011-1023
CVE-2011-0710
CVE-2010-4655
CVE-2011-0521
CVE-2010-3296
CVE-2010-4346
CVE-2010-4165
CVE-2010-4525
CVE-2010-4243
CVE-2010-4263
CVE-2010-4162
CVE-2010-3874
CVE-2010-4158
CVE-2010-4079
CVE-2010-4082
CVE-2010-4077
CVE-2010-4075
CVE-2010-4163
CVE-2010-4160
CVE-2010-4073
CVE-2010-4072
CVE-2010-3078
CVE-2010-3865
CVE-2010-4074
CVE-2010-2492
CVE-2010-3080
CVE-2010-3298
CVE-2010-3861
CVE-2010-3876
CVE-2010-4083
CVE-2010-3904
CVE-2010-2963
CVE-2010-2803
CVE-2010-2955
CVE-2010-3084
CVE-2010-3698
CVE-2010-2962
CVE-2010-3442
CVE-2010-3437
CVE-2010-3705
CVE-2010-3432
CVE-2010-3301
CVE-2010-3081
CVE-2010-2960
CVE-2010-2959
CVE-2010-2942
CVE-2010-2537
CVE-2010-2538
CVE-2010-2478
CVE-2010-2524
CVE-2009-4895
CVE-2010-2226
CVE-2010-2071
CVE-2010-2066
CVE-2010-1636
CVE-2010-1641
CVE-2010-1437
CVE-2010-1436
CVE-2010-0307
CVE-2010-1173
CVE-2010-0435
CVE-2010-0410
CVE-2009-4537
CVE-2010-1162
CVE-2010-0727
CVE-2010-1085
CVE-2010-0623
CVE-2010-0415
CVE-2010-0298
CVE-2010-0306
CVE-2010-0419
CVE-2010-0309
CVE    237
CVE-2010-0435
CVE-2010-4250
CVE-2011-0006
CVE-2011-1023
...
CPE    1373
cpe:/o:linux:linux_kernel:2.3.99:pre8
cpe:/o:linux:linux_kernel:2.3.99:pre9
cpe:/o:linux:linux_kernel:2.4.35
cpe:/o:linux:linux_kernel:2.6.34.10
...

© 2013 SecPod Technologies