Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2011-2024)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

Description of changes:

[2.6.32-200.16.1.el6uek]
- Revert change to restore DEFAULTKERNEL

[2.6.32-200.15.1.el6uek]
- Add -u parameter to kernel_variant_post to make it work
properly for uek [orabug 12819958]

[2.6.32-200.14.1.el6uek]
- Restore DEFAULTKERNEL value to 'kernel-uek' [orabug 12819958]

[2.6.32-200.13.1.el6uek]
- make default kernel kernel-uek (Kevin Lyons) [orabug 12803424]

[2.6.32-200.12.1.el6uek]
- SCSI: Fix oops dereferencing queue (Martin K. Petersen) [orabug 12741636]

[2.6.32-200.11.1.el6uek]
- inet_diag: fix inet_diag_bc_audit() (Eric Dumazet) [CVE-2011-2213]

[2.6.32-200.10.8.el6uek]
- block: export blk_{get,put}_queue() (Jens Axboe)
- [SCSI] Fix oops caused by queue refcounting failure (James Bottomley)
- [dm-mpath] maintain reference count for underlying devices (Martin K.
Petersen)

[2.6.32-200.10.7.el6uek]
- [net] gre: fix netns vs proto registration ordering {CVE-2011-1767}
- [net] tunnels: fix netns vs proto registration ordering {CVE-2011-1768}
- [rps] don't free rx_queue until netdevice is freed (Dave Kleikamp)
[orabug 11071685]

[2.6.32-200.10.6.el6uek]
- Add entropy generation to nics (John Sobecki) [10622900]
- [SCSI] compat_ioct: fix bsg SG_IO [orabug 12732464]
- ipc/sem.c: error path in try_atomic_semop() left spinlock locked

[2.6.32-200.10.5.el6uek]
- update kabi

[2.6.32-200.10.4.el6uek]
- block: Fix double free in blk_integrity_unregister [orabug 12707880]
- block: Make the integrity mapped property a bio flag [orabug 12707880]
- dm mpath: do not fail paths after integrity errors [orabug 12707880]
- dm ioctl: refactor dm_table_complete [orabug 12707880]
- block: Require subsystems to explicitly allocate bio_set integrity
mempool [orabug 12707880]
- dm: improve block integrity support [orabug 12707880]
- sd: Update protection mode strings [orabug 12707880]
- [SCSI] fix propogation of integrity errors [orabug 12707880]
- [SCSI] modify change_queue_depth to take in reason why it is being
called [orabug 12707880]
- [SCSI] scsi error: have scsi-ml call change_queue_depth to handle
QUEUE_FULL [orabug 12707880]
- [SCSI] add queue_depth ramp up code [orabug 12707880]
- [SCSI] scsi_dh: Change the scsidh_activate interface to be
asynchronous [orabug 12707880]
- [SCSI] add queue_depth ramp up code [orabug 12707880]
- [SCSI] scsi_dh: Change the scsidh_activate interface to be
asynchronous [orabug 12707880]
- SCSI: Updated RDAC device handler [orabug 12707880]
- [SCSI] scsi_dh: propagate SCSI device deletion [orabug 12707880]
- [SCSI] scsi_dh: fix reference counting in scsi_dh_activate error path
[orabug 12707880]
- qla2xxx: Driver update from QLogic [orabug 12707880]
- lpfc 8.3.5.44 driver update from Emulex [orabug 12707880]
- Add Hydra (hxge) support [orabug 12314121]
- update hxge to 1.3.1 [orabug 12314121]
- Hide mwait, TSC invariance and MTRR capability in published CPUID

[2.6.32-200.10.3.el6uek]
- [config] Revert 'Add some usb devices supported'
- [config] make all usb drivers part of the kernel.
- [fs] NFS: Don't SIGBUS if nfs_vm_page_mkwrite races with a cache
invalidation [orabug 10435482]

[2.6.32-200.10.2.el6uek]
- [config] Add some usb devices supported.

[2.6.32-200.10.1.el6uek]
- update kabi changes and revision to -200 series

See also :

https://oss.oracle.com/pipermail/el-errata/2011-August/002303.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Medium / CVSS Base Score : 5.4
(CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C)

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 68420 ()

Bugtraq ID:

CVE ID: CVE-2011-1767
CVE-2011-1768
CVE-2011-2213