Oracle.Enterprise.Linux.Update.for.UEK.ELSA-2012-2043
Description
Unbreakable Enterprise Kernel is a fast, modern, reliable kernel that is optimized for Oracle software and hardware.
In November 2012, Oracle released update packages for Unbreakable Enterprise Kernel that fixed multiple vulnerabilities:
Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data. (CVE-2012-2133)
Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. (CVE-2012-3400)
Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. (CVE-2012-3511)
Affected Products
Oracle Linux 5
Oracle Linux 6
Impact
These vulnerabilities could potentially allow remote attackers to execute arbitrary code, or to cause denial of service on vulnerable systems.
Recommended Actions
Please download and apply the patches as instructed in the following errata:
ELSA-2012-2043 Oracle Linux 5 https://oss.oracle.com/pipermail/el-errata/2012-November/003114.html
ELSA-2012-2043 Oracle Linux 6 https://oss.oracle.com/pipermail/el-errata/2012-November/003115.html