Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2013:1166
HistoryAug 21, 2013 - 2:07 p.m.

kernel security update

2013-08-2114:07:08
CentOS Project
lists.centos.org
60

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.741 High

EPSS

Percentile

98.1%

JSON

CentOS Errata and Security Advisory CESA-2013:1166

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

  • A flaw was found in the way the Linux kernel’s Stream Control
    Transmission Protocol (SCTP) implementation handled duplicate cookies. If a
    local user queried SCTP connection information at the same time a remote
    attacker has initialized a crafted SCTP connection to the system, it could
    trigger a NULL pointer dereference, causing the system to crash.
    (CVE-2013-2206, Important)

  • It was found that the fix for CVE-2012-3552 released via RHSA-2012:1540
    introduced an invalid free flaw in the Linux kernel’s TCP/IP protocol suite
    implementation. A local, unprivileged user could use this flaw to corrupt
    kernel memory via crafted sendmsg() calls, allowing them to cause a denial
    of service or, potentially, escalate their privileges on the system.
    (CVE-2013-2224, Important)

  • An invalid pointer dereference flaw was found in the Linux kernel’s
    TCP/IP protocol suite implementation. A local, unprivileged user could use
    this flaw to crash the system or, potentially, escalate their privileges on
    the system by using sendmsg() with an IPv6 socket connected to an IPv4
    destination. (CVE-2013-2232, Moderate)

  • Information leak flaws in the Linux kernel could allow a privileged,
    local user to leak kernel memory to user-space. (CVE-2013-2164,
    CVE-2013-2147, CVE-2013-2234, CVE-2013-2237, Low)

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-August/082072.html

Affected packages:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2013:1166

OSVersionArchitecturePackageVersionFilename
CentOS5i686kernel< 2.6.18-348.16.1.el5kernel-2.6.18-348.16.1.el5.i686.rpm
CentOS5i686kernel-debug< 2.6.18-348.16.1.el5kernel-debug-2.6.18-348.16.1.el5.i686.rpm
CentOS5i686kernel-debug-devel< 2.6.18-348.16.1.el5kernel-debug-devel-2.6.18-348.16.1.el5.i686.rpm
CentOS5i686kernel-devel< 2.6.18-348.16.1.el5kernel-devel-2.6.18-348.16.1.el5.i686.rpm
CentOS5noarchkernel-doc< 2.6.18-348.16.1.el5kernel-doc-2.6.18-348.16.1.el5.noarch.rpm
CentOS5i386kernel-headers< 2.6.18-348.16.1.el5kernel-headers-2.6.18-348.16.1.el5.i386.rpm
CentOS5i686kernel-pae< 2.6.18-348.16.1.el5kernel-PAE-2.6.18-348.16.1.el5.i686.rpm
CentOS5i686kernel-pae-devel< 2.6.18-348.16.1.el5kernel-PAE-devel-2.6.18-348.16.1.el5.i686.rpm
CentOS5i686kernel-xen< 2.6.18-348.16.1.el5kernel-xen-2.6.18-348.16.1.el5.i686.rpm
CentOS5i686kernel-xen-devel< 2.6.18-348.16.1.el5kernel-xen-devel-2.6.18-348.16.1.el5.i686.rpm
Rows per page:
1-10 of 181

Related

redhat 6
nessus 40
openvas 62
oraclelinux 7
vmware 1
centos 1
ubuntu 13
cve 8
prion 8
debiancve 8
ubuntucve 8
altlinux 2
osv 2
debian 2
mageia 7
fedora 5
securityvulns 1
veracode 10
suse 6
checkpoint_advisories 1
f5 1
redhat
redhat
(RHSA-2013:1166) Important: kernel security and bug fix update
2013-08-20 00:00:00
(RHSA-2013:1173) Important: kernel security and bug fix update
2013-08-27 00:00:00
(RHSA-2013:1195) Important: kernel security and bug fix update
2013-09-03 00:00:00
nessus
nessus
Oracle Linux 5 : kernel (ELSA-2013-1166-1)
2013-08-23 00:00:00
Oracle Linux 5 : ELSA-2013-1166-1: / kernel (ELSA-2013-11661)
2023-09-07 00:00:00
Oracle Linux 5 : kernel (ELSA-2013-1166)
2013-08-23 00:00:00
openvas
openvas
CentOS Update for kernel CESA-2013:1166 centos5
2013-08-27 00:00:00
RedHat Update for kernel RHSA-2013:1166-01
2013-09-06 00:00:00
CentOS Update for kernel CESA-2013:1166 centos5
2013-08-27 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2013-08-21 00:00:00
kernel security and bug fix update
2013-08-21 00:00:00
kernel security and bug fix update
2013-08-27 00:00:00
vmware
vmware
VMware ESX updates to third party libraries
2013-12-05 00:00:00
centos
centos
kernel, perf, python security update
2013-08-28 19:03:34
ubuntu
ubuntu
Linux kernel vulnerabilities
2013-07-29 00:00:00
Linux kernel (EC2) vulnerabilities
2013-07-29 00:00:00
Linux kernel (OMAP4) vulnerabilities
2013-09-06 00:00:00
cve
cve
CVE-2013-2224
2013-07-04 21:55:00
CVE-2013-2206
2013-07-04 21:55:00
CVE-2012-3552
2012-10-03 11:02:00
prion
prion
Design/Logic Flaw
2013-07-04 21:55:00
Null pointer dereference
2013-07-04 21:55:00
Design/Logic Flaw
2013-06-07 14:03:00
debiancve
debiancve
CVE-2013-2224
2013-07-04 21:55:00
CVE-2013-2147
2013-06-07 14:03:00
CVE-2013-2206
2013-07-04 21:55:00
ubuntucve
ubuntucve
CVE-2013-2224
2013-07-04 00:00:00
CVE-2013-2147
2013-06-07 00:00:00
CVE-2013-2206
2013-06-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt11
2013-08-30 00:00:00
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt8
2013-07-02 00:00:00
osv
osv
linux-2.6 - several
2013-09-27 00:00:00
linux - several
2013-08-28 00:00:00
debian
debian
[SECURITY] [DSA 2766-1] linux-2.6 security update
2013-09-27 23:24:02
[SECURITY] [DSA 2745-1] linux security update
2013-08-29 05:07:31
mageia
mageia
Updated kernel packages fix multiple security vulnerabilities
2013-07-09 21:56:42
Updated kernel-tmb packages fix multiple security vulnerabilities
2013-07-16 12:01:28
Updated kernel packages fix multiple security vulnerabilities
2013-07-06 18:25:03
fedora
fedora
[SECURITY] Fedora 19 Update: kernel-3.9.9-302.fc19
2013-07-14 03:30:56
[SECURITY] Fedora 19 Update: kernel-3.10.3-300.fc19
2013-07-26 22:59:37
[SECURITY] Fedora 19 Update: kernel-3.9.5-301.fc19
2013-06-14 04:52:17
securityvulns
securityvulns
[ MDVSA-2013:194 ] kernel
2013-07-15 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:52:18
Denial Of Service (DoS)
2019-05-02 04:52:19
Information Disclosure
2019-05-02 04:52:18
suse
suse
Security update for Linux kernel (important)
2013-09-21 01:04:16
Security update for Linux kernel (important)
2013-09-21 00:04:17
Security update for Real Time Linux Kernel (important)
2013-11-22 05:04:54
checkpoint_advisories
checkpoint_advisories
Linux Kernel SCTP Duplicate Cookie Handling Denial of Service (CVE-2013-2206)
2013-11-18 00:00:00
f5
f5
K72453266 : Linux kernel vulnerability CVE-2013-2164
2018-09-26 00:00:00

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.741 High

EPSS

Percentile

98.1%

JSON
Related for CESA-2013:1166
redhat6nessus40openvas62oraclelinux7vmware1centos1ubuntu13cve8prion8debiancve8ubuntucve8altlinux2osv2debian2mageia7fedora5securityvulns1veracode10suse6checkpoint_advisories1f51