oval:org.mitre.oval:def:27702

Definition Id: oval:org.mitre.oval:def:27702

Oval ID:	oval:org.mitre.oval:def:27702
Title:	ELSA-2010-2011 -- Unbreakable enterprise kernel security and bug fix update (important)
Description:	Following Security fixes are included in this unbreakable enterprise kernel errata: CVE-2010-3432 The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic. CVE-2010-2962 drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations. CVE-2010-2955 The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size. CVE-2010-3705 The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array. CVE-2010-3084 Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via the ETHTOOL_GRXCLSRLALL ethtool command. CVE-2010-3437 Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. CVE-2010-3079 kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to cause a denial of service (NULL pointer dereference and outage of all function tracing files) via an lseek call on a file descriptor associated with the set_ftrace_filter file. CVE-2010-3698 The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT). CVE-2010-3442 Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010-2011 CVE-2010-3432 CVE-2010-3437 CVE-2010-3442 CVE-2010-3698 CVE-2010-3705 CVE-2010-2955 CVE-2010-2962 CVE-2010-3079 CVE-2010-3084	Version:	5
Platform(s):	Oracle Linux 5	Product(s):	kernel kernel-debug kernel-debug-devel kernel-devel kernel-doc kernel-firmware kernel-headers ofa
Definition Synopsis:
Oracle Linux 5.x Packages match section kernel is earlier than 0:2.6.32-100.24.1.el5 AND kernel-debug is earlier than 0:2.6.32-100.24.1.el5 AND kernel-debug-devel is earlier than 0:2.6.32-100.24.1.el5 AND kernel-devel is earlier than 0:2.6.32-100.24.1.el5 AND kernel-doc is earlier than 0:2.6.32-100.24.1.el5 AND kernel-firmware is earlier than 0:2.6.32-100.24.1.el5 AND kernel-headers is earlier than 0:2.6.32-100.24.1.el5 AND ofa-2.6.32-100.24.1.el5 is earlier than 0:1.5.1-4.0.23 AND ofa-2.6.32-100.24.1.el5debug is earlier than 0:1.5.1-4.0.23

Definition Id: oval:org.mitre.oval:def:15459

Oval ID:	oval:org.mitre.oval:def:15459
Title:	Oracle Linux 5.x
Description:	The operating system installed on the system is Oracle Linux 5.x
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:oracle:linux:5	Version:	7
Platform(s):	Oracle Linux 5	Product(s):
Definition Synopsis:
the installed operating system is part of the Unix family AND Oracle Linux 5.x is installed
Referenced By:
oval:org.mitre.oval:def:27702

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0237s

Facebook rss twitter linkedin mail