[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2014-0159 -- Oracle kernel

ID: oval:org.secpod.oval:def:1500371Date: (C)2014-03-06   (M)2024-02-19
Class: PATCHFamily: unix




Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command function in the Linux kernel#39;s QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. * A flaw was found in the way the get_dumpable function return value was interpreted in the ptrace subsystem of the Linux kernel. When #39;fs.suid_dumpable#39; was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information. * It was found that certain protocol handlers in the Linux kernel#39;s networking implementation could set the addr_len value without initializing the associated data structure. A local, unprivileged user could use this flaw to leak kernel stack memory to user space using the recvmsg, recvfrom, and recvmmsg system calls . This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

Platform:
Oracle Linux 6
Product:
kernel
perf
python-perf
Reference:
ELSA-2014-0159
CVE-2013-7263
CVE-2013-2929
CVE-2013-6381
CVE-2013-7265
CVE    4
CVE-2013-6381
CVE-2013-2929
CVE-2013-7265
CVE-2013-7263
...
CPE    288
cpe:/o:linux:linux_kernel:3.0.40
cpe:/o:linux:linux_kernel:3.1.10
cpe:/o:linux:linux_kernel:3.0.42
cpe:/o:linux:linux_kernel:3.0.41
...

© SecPod Technologies