CVEs with nessus.description==Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A flaw was found in the tcp_read_sock() function in the Linux kernel's IPv4 TCP/IP protocol suite implementation in the way socket buffers (skb) were handled. A local, unprivileged user could trigger this issue via a call to splice(), leading to a denial of service. (CVE-2013-2128, Moderate)

* Information leak flaws in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2012-6548, CVE-2013-2634, CVE-2013-2635, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, Low)

* An information leak was found in the Linux kernel's POSIX signals implementation. A local, unprivileged user could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2013-0914, Low)

* A format string flaw was found in the ext3_msg() function in the Linux kernel's ext3 file system implementation. A local user who is able to mount an ext3 file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1848, Low)

* A format string flaw was found in the b43_do_request_fw() function in the Linux kernel's b43 driver implementation. A local user who is able to specify the 'fwpostfix' b43 module parameter could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-2852, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's ftrace and function tracer implementations. A local user who has the CAP_SYS_ADMIN capability could use this flaw to cause a denial of service. (CVE-2013-3301, Low)

Red Hat would like to thank Kees Cook for reporting CVE-2013-2852.

This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |