Oval Definition:oval:org.mitre.oval:def:23690
Revision Date:2014-07-21Version:18
Title:ELSA-2014:0328: kernel security and bug fix update (Important)
Description:The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2013-1860
CVE-2014-0055
CVE-2014-0069
CVE-2014-0101
ELSA-2014:0328-01
Platform(s):Oracle Linux 6
Product(s):kernel
Definition Synopsis
  • Oracle Linux 6.x
  • AND rpm test
  • kernel-debug-devel is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-headers is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-doc is earlier than 0:2.6.32-431.11.2.el6
  • OR perf is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-bootwrapper is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-debug is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-firmware is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-devel is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-kdump is earlier than 0:2.6.32-431.11.2.el6
  • OR python-perf is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-abi-whitelists is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-kdump-devel is earlier than 0:2.6.32-431.11.2.el6
    • BACK