oval:org.mitre.oval:def:27362

Definition Id: oval:org.mitre.oval:def:27362

Oval ID:	oval:org.mitre.oval:def:27362
Title:	DEPRECATED: ELSA-2013-0496 -- Oracle Linux 6 kernel security and bugfix update (important)
Description:	This update fixes the following security issues: * A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file. (CVE-2012-4508, Important) * A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user in a KVM guest could use this flaw to crash the host or, potentially, escalate their privileges on the host. (CVE-2013-0311, Important) * It was found that the default SCSI command filter does not accommodate commands that overlap across device classes. A privileged guest user could potentially use this flaw to write arbitrary data to a LUN that is passed-through as read-only. (CVE-2012-4542, Moderate) * A flaw was found in the way the xen_failsafe_callback() function in the Linux kernel handled the failed iret (interrupt return) instruction notification from the Xen hypervisor. An unprivileged user in a 32-bit para-virtualized guest could use this flaw to crash the guest. (CVE-2013-0190, Moderate) * A flaw was found in the way pmd_present() interacted with PROT_NONE memory ranges when transparent hugepages were in use. A local, unprivileged user could use this flaw to crash the system. (CVE-2013-0309, Moderate) * A flaw was found in the way CIPSO (Common IP Security Option) IP options were validated when set from user mode. A local user able to set CIPSO IP options on the socket could use this flaw to crash the system. (CVE-2013-0310, Moderate)
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0496 CVE-2013-0190 CVE-2013-0309 CVE-2013-0311 CVE-2013-0310 CVE-2012-4508 CVE-2012-4542	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	kernel
Definition Synopsis:
Oracle Linux 6.x Packages match section kernel is earlier than 0:2.6.32-358.el6 AND kernel-debug is earlier than 0:2.6.32-358.el6 AND kernel-debug-devel is earlier than 0:2.6.32-358.el6 AND kernel-devel is earlier than 0:2.6.32-358.el6 AND kernel-doc is earlier than 0:2.6.32-358.el6 AND kernel-firmware is earlier than 0:2.6.32-358.el6 AND kernel-headers is earlier than 0:2.6.32-358.el6 AND perf is earlier than 0:2.6.32-358.el6 AND python-perf is earlier than 0:2.6.32-358.el6

Definition Id: oval:org.mitre.oval:def:16594

Oval ID:	oval:org.mitre.oval:def:16594
Title:	Oracle Linux 6.x
Description:	The operating system installed on the system is Oracle Linux 6.x
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:oracle:linux:6	Version:	5
Platform(s):	Oracle Linux 6	Product(s):
Definition Synopsis:
the installed operating system is part of the Unix family AND Oracle Linux 6.x is installed
Referenced By:
oval:org.mitre.oval:def:27362

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0340s

Facebook rss twitter linkedin mail