Oracle.Enterprise.Linux.Update.for.UEK.ELSA-2012-2043

Description

Unbreakable Enterprise Kernel is a fast, modern, reliable kernel that is optimized for Oracle software and hardware.
In November 2012, Oracle released update packages for Unbreakable Enterprise Kernel that fixed multiple vulnerabilities:
Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data. (CVE-2012-2133)
Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. (CVE-2012-3400)
Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. (CVE-2012-3511)

Affected Products

Oracle Linux 5
Oracle Linux 6

Impact

These vulnerabilities could potentially allow remote attackers to execute arbitrary code, or to cause denial of service on vulnerable systems.

Recommended Actions

Please download and apply patches as instructed in the following errata:
ELSA-2012-2043 Oracle Linux 5 https://oss.oracle.com/pipermail/el-errata/2012-November/003114.html
ELSA-2012-2043 Oracle Linux 6 https://oss.oracle.com/pipermail/el-errata/2012-November/003115.html

Coverage

IPS (Regular DB)
IPS (Extended DB)