Oracle Linux 6 : kernel (ELSA-2015-1272)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1272 advisory. - fs take imutex during preparebinprm for setid executables Mateusz Guzik 1216269 CVE-2015-3339 - fs pipe: fix pipe corruption and iovec overrun on...

USN-2681-1 linux vulnerabilities

A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service system crash or potentially escalate their privileges. CVE-2015-1805 A flaw was discovered in the kvm kernel virtual...

Oracle Linux 6 : kernel (ELSA-2015-1221)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1221 advisory. - fs pipe: fix pipe corruption and iovec overrun on partial copy Seth Jennings 1202860 1185166 CVE-2015-1805 - net ipv4: Missing sknullsnodeinit in...

kernel: pipe: iovec overrun leading to memory corruption

It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array...

kernel: pipe: iovec overrun leading to memory corruption

It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array...

kernel: pipe: iovec overrun leading to memory corruption

It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array...

Oracle Linux 7 : kernel (ELSA-2015-1137)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1137 advisory. - fs pipe: fix pipe corruption and iovec overrun on partial copy Seth Jennings 1202861 1198843 CVE-2015-1805 - x86 kernel: Remove a bogus 'retfromfork'...

kernel: pipe: iovec overrun leading to memory corruption

It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array...

kernel: pipe: iovec overrun leading to memory corruption

It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array...

kernel: pipe: iovec overrun leading to memory corruption

It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array...

kernel security and bug fix update

3.10.0-229.7.2 - Oracle Linux certificates Alexey Petrenko 3.10.0-229.7.2 - fs pipe: fix pipe corruption and iovec overrun on partial copy Seth Jennings 1202861 1198843 CVE-2015-1805 3.10.0-229.7.1 - scsi storvsc: get rid of overly verbose warning messages Vitaly Kuznetsov 1215770 1206437 - scsi...

IBM HTTP Server on Windows Apache Portable Runtime (APR) Named Pipe DoS

According to its banner, the version of IBM HTTP Server running on the remote host is potentially affected by a denial of service vulnerability due to an error related to the included Apache Portable Runtime APR and named pipe handling. A local attacker, using a 'named pipe squatting attack' from...

Debian Security Advisory DSA 3290-1 (linux - security update)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leaks or data corruption. CVE-2015-1805 Red Hat discovered that the pipe iovec read and write implementations may iterate over the iovec twice but will modify t...

DSA-3290-1 linux - security update

Bulletin has no description...

DLA-246-2 linux-2.6 - security update

Bulletin has no description...

kernel: pipe: iovec overrun leading to memory corruption

It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array...

Oracle Linux 6 : kernel (ELSA-2015-1081)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1081 advisory. - fs pipe: fix pipe corruption and iovec overrun on partial copy Seth Jennings 1202860 1185166 CVE-2015-1805 - x86 crypto: aesni - fix memory usage in...

kernel: pipe: iovec overrun leading to memory corruption

It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array...

kernel: pipe: iovec overrun leading to memory corruption

It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array...

kernel security, bug fix, and enhancement update

2.6.32-504.23.4 - crypto drbg: fix maximum value checks on 32 bit systems Herbert Xu 1225950 1219907 - crypto drbg: remove configuration of fixed values Herbert Xu 1225950 1219907 2.6.32-504.23.3 - netdrv bonding: fix locking in enslave failure path Nikolay Aleksandrov 1222483 1221856 - netdrv...