Unbreakable Enterprise kernel security update

2.6.39-400.215.11 - ALSA: control: Don't access controls outside of protected regions Lars-Peter Clausen Orabug: 19817786 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 - ALSA: control: Fix replacing user controls Lars-Peter Clausen Orabug: 19817748 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 - kvm:...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the sixth regular update. Red Hat Product Security has rated this...

kernel security and bug fix update

3.10.0-123.8.1 - Oracle Linux certificates Alexey Petrenko 3.10.0-123.8.1 - scsi fnic: fix broken FIP discovery by initializing multicast address Chris Leech 1119727 1100078 - scsi libfcoe: Make fcoesysfs optional / fix fnic NULL exception Chris Leech 1119727 1100078 - fs nfs: Don't mark the data...

CVE-2014-5207

fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNTNODEV, MNTNOSUID, and MNTNOEXEC and changing MNTATIMEMASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, ...

unbreakable enterprise kernel security update

kernel-uek 2.6.32-400.36.7uek - sctp: Fix skackbacklog wrap-around problem Xufeng Zhang Orabug: 19404246 CVE-2014-4667...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which...

kernel security, bug fix, and enhancement update

3.10.0-123.4.2 - Oracle Linux certificates Alexey Petrenko 3.10.0-123.4.2 - fs aio: fix plug memory disclosure and fix reqsactive accounting backport Jeff Moyer 1094604 1094605 CVE-2014-0206 - fs aio: plug memory disclosure and fix reqsactive accounting Mateusz Guzik 1094604 1094605 CVE-2014-0206...

CVE-2014-4943

The PPPoL2TP feature in net/l2tp/l2tpppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket...

CVE-2014-4654

The sndctlelemadd function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRVCTLIOCTLELEMREPLACE commands, which allows local users to remove kernel controls and cause a denial of service use-after-free and system...

Important: Red Hat Security Advisory: kernel security update

Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 5.6 Long Life. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

kernel security and bug fix update

2.6.32-431.20.3 - kernel futex: Make lookuppistate more robust Jerome Marchand 1104516 1104517 CVE-2014-3153 - kernel futex: Always cleanup owner tid in unlockpi Jerome Marchand 1104516 1104517 CVE-2014-3153 - kernel futex: Validate atomic acquisition in futexlockpiatomic Jerome Marchand 1104516...

openSUSE Security Update : kernel (openSUSE-SU-2011:0416-1)

The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing lots of bugs and security issues. Following security issues have been fixed: CVE-2011-1493: In the rose networking stack, when parsing the FACNATIONALDIGIS facilities field, it was possible for a remote host to provide more digipeaters than...

Oracle Linux 5 : kernel (ELSA-2014-0740-1)

From Red Hat Security Advisory 2014:0740 : Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CV...

unbreakable enterprise kernel security update

2.6.39-400.215.2 - futex: Make lookuppistate more robust Thomas Gleixner Orabug: 18918614 CVE-2014-3153 - futex: Always cleanup owner tid in unlockpi Thomas Gleixner Orabug: 18918614 CVE-2014-3153 - futex: Validate atomic acquisition in futexlockpiatomic Thomas Gleixner Orabug: 18918614...

kernel security, bug fix, and enhancement update

kernel 2.6.18-371.8.1 - virt HID: memory corruption flaw drivers/usb/input/hid-core.c Jacob Tanenbaum 1032996 1032999 CVE-2013-2888 - virt HID: memory corruption flaw in drivers/hv/hid-core.c Jacob Tanenbaum 1032996 1032999 CVE-2013-2888 - scsi lpfc: Fix task management commands having a fixed...

Oracle Linux 5 : kernel (ELSA-2014-0285)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0285 advisory. - ipc change refcount to atomict Phillip Lougher 1024866 1024868 CVE-2013-4483 - s390 qeth: buffer overflow in snmp ioctl Jacob Tanenbaum 1034402 10344...

Oracle Linux 5 : kernel (ELSA-2014-0285-1)

From Red Hat Security Advisory 2014:0285 : Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common...

kernel to 3.11.10 (important)

The Linux Kernel was updated to version 3.11.10, fixing security issues and bugs: - floppy: bail out in open if drive is not responding to block0 read bnc773058. - compatsysrecvmmsg X32 fix bnc860993 CVE-2014-0038. - HID: usbhid: fix sis quirk bnc859804. - hwmon: coretemp Fix truncated name of...

Linux kernel 3.4+ Arbitrary write with CONFIG_X86_X32

Exploit for linux platform in category local exploits / Local root exploit for CVE-2014-0038. https://raw.github.com/saelo/cve-2014-0038/master/timeoutpwn.c Bug: The X86X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace. Exploit primitive: Pass a pointer to ...

CVE-2013-7281

The dgramrecvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2...