Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2017-3658)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3658 advisory. - ping: implement proper locking Eric Dumazet Orabug: 26540288 CVE-2017-2671 - mm: Tighten x86 /dev/mem with zeroing reads Kees Cook Orabug: 266759...

Oracle Linux 6 : kernel (ELSA-2017-2863)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2863 advisory. - net l2cap: prevent stack overflow on incoming bluetooth packet Neil Horman 1490060 1490062 CVE-2017-1000251 - fs binfmtelf.c:loadelfbinary: return -EINVAL on...

kernel security and bug fix update

2.6.32-696.13.2.OL6 - Update genkey bug 25599697 2.6.32-696.13.2 - net l2cap: prevent stack overflow on incoming bluetooth packet Neil Horman 1490060 1490062 CVE-2017-1000251 - fs binfmtelf.c:loadelfbinary: return -EINVAL on zero-length mappings Petr Matousek 1492959 1492961 CVE-2017-1000253 - fs...

Oracle Linux 6 : kernel (ELSA-2017-2795)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2795 advisory. - fs binfmtelf.c:loadelfbinary: return -EINVAL on zero-length mappings Petr Matousek 1492959 1492961 CVE-2017-1000253 Tenable has extracted the preceding...

Linux Kernel 64位Personality处理本地拒绝服务漏洞

BUGTRAQ ID: 38027 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel在设置进程的personality时存在错误，本地用户在执行缺少ELF解释器的64位应用时可能触发分段错误，导致内核崩溃。 漏洞起因是fs/binfmtelf.c文件中的loadelfbinary函数，该函数在检查ELF解释器可用之前调用了 SETPERSONALITY，将之前的32位进程转换为了64位进程。如果execve成功，这不会导致问题，但在...

CVE-2005-1263

CVE-2005-1263 affects the Linux kernel: the elf_core_dump path in binfmt_elf.c can trigger a negative length in create_elf_tables, causing a buffer overflow that enables local attackers to execute arbitrary code. Affected: Linux kernel 2.x up to listed pre-release/rc versions across multiple line...