Description:
Summary: The remote host is missing an update for the 'kernel-uek, mlnx_en-2.6.32-400.29.2.el5uek, mlnx_en-2.6.32-400.29.2.el6uek, ofa-2.6.32-400.29.2.el5uek, ofa-2.6.32-400.29.2.el6uek' package(s) announced via the ELSA-2013-2537 advisory.
Vulnerability Insight: kernel-uek [2.6.32-400.29.2uek]
- Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3225}
- Bluetooth: fix possible info leak in bt_sock_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3224}
- atm: update msg_namelen in vcc_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3222}
- dcbnl: fix various netlink info leaks (Mathias Krause) [Orabug: 17173824] {CVE-2013-2634}
- udf: avoid info leak on export (Mathias Krause) [Orabug: 17173824] {CVE-2012-6548}
- b43: stop format string leaking into error msgs (Kees Cook) [Orabug: 17173824] {CVE-2013-2852}
- signal: always clear sa_restorer on execve (Kees Cook) [Orabug: 17173824] {CVE-2013-0914}
Affected Software/OS: 'kernel-uek, mlnx_en-2.6.32-400.29.2.el5uek, mlnx_en-2.6.32-400.29.2.el6uek, ofa-2.6.32-400.29.2.el5uek, ofa-2.6.32-400.29.2.el6uek' package(s) on Oracle Linux 5, Oracle Linux 6.
Solution: Please install the updated package(s).
CVSS Score: 6.9
CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C