Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2513)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

Description of changes:

[2.6.39-400.21.1.el5uek]
- SPEC: v2.6.39-400.21.1 (Maxim Uvarov)
- xen/mmu: On early bootup, flush the TLB when changing RO->RW bits Xen
provided pagetables. (Konrad Rzeszutek Wilk)

[2.6.39-400.20.1.el5uek]
- SPEC: v2.6.39-400.20.1 (Maxim Uvarov)
- PCI: Set device power state to PCI_D0 for device without native PM
support (Ajaykumar Hotchandani) [Orabug: 16482495]
- sched: Fix cgroup movement of waking process (Daisuke Nishimura)
[Orabug: 13740515]
- sched: Fix cgroup movement of newly created process (Daisuke
Nishimura) [Orabug: 13740515]
- sched: Fix cgroup movement of forking process (Daisuke Nishimura)
[Orabug: 13740515]

[2.6.39-400.19.1.el5uek]
- IB/core: Allow device-specific per-port sysfs files (Ralph Campbell)
- RDMA/cma: Pass QP type into rdma_create_id() (Sean Hefty)
- IB: Rename RAW_ETY to RAW_ETHERTYPE (Aleksey Senin)
- IB: Warning Resolution. (Ajaykumar Hotchandani)
- mlx4_core: fix FMR flags in free MTT range (Saeed Mahameed)
- mlx4_core/ib: sriov fmr bug fixes (Saeed Mahameed)
- mlx4_core: Change bitmap allocator to work in round-robin fashion (Saeed
Mahameed)
- mlx4_vnic: move host admin vnics to closed state when closing the vnic.
(Saeed Mahameed)
- mlx4_ib: make sure to flush clean_wq while closing sriov device (Saeed
Mahameed)
- ib_sdp: fix deadlock when sdp_cma_handler is called while socket is being
closed (Saeed Mahameed)
- ib_sdp: add unhandled events to rdma_cm_event_str (Saeed Mahameed)
- mlx4_core: use dev->sriov instead of hardcoed 127 vfs when
initializing FMR
MPT tables (Saeed Mahameed)
- mlx4_vnic: print vnic keep alive info in mlx4_vnic_info (Saeed Mahameed)
- rds: Congestion flag does not get cleared causing the connection to hang
(Bang Nguyen) [Orabug: 16424692]
- dm table: set flush capability based on underlying devices (Mike Snitzer)
[Orabug: 16392584]
- wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED
task
(Oleg Nesterov) [Orabug: 16405869] {CVE-2013-0871}
- ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL
(Oleg
Nesterov) [Orabug: 16405869] {CVE-2013-0871}
- ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg
Nesterov) [Orabug: 16405869] {CVE-2013-0871}
- drm/i915: bounds check execbuffer relocation count (Kees Cook) [Orabug:
16482650] {CVE-2013-0913}
- NLS: improve UTF8 -> UTF16 string conversion routine (Alan Stern) [Orabug:
16425571] {CVE-2013-1773}
- ipmi: make kcs timeout parameters as module options (Pavel Bures) [Orabug:
16470881]
- drm/i915/lvds: ditch ->prepare special case (Daniel Vetter) [Orabug:
14394113]
- drm/i915: Leave LVDS registers unlocked (Keith Packard) [Orabug: 14394113]
- drm/i915: don't clobber the pipe param in sanitize_modesetting (Daniel
Vetter) [Orabug: 14394113]
- drm/i915: Sanitize BIOS debugging bits from PIPECONF (Chris Wilson)
[Orabug:
14394113]

[2.6.39-400.18.1.el5uek]
- SPEC: fix doc build (Guru Anbalagane)
- floppy: Fix a crash during rmmod (Vivek Goyal) [Orabug: 16040504]
- x86: ignore changes to paravirt_lazy_mode while in an interrupt context
(Chuck Anderson) [Orabug: 16417326]
- x86/msr: Add capabilities check (Alan Cox) [Orabug: 16405007]
{CVE-2013-0268}
- spec: unique debuginfo (Maxim Uvarov) [Orabug: 16245366]
- xfs: Use preallocation for inodes with extsz hints (Dave Chinner) [Orabug:
16307993]
- Add SIOCRDSGETTOS to get the current TOS for the socket (bang.nguyen)
[Orabug: 16397197]
- Changes to connect/TOS interface (bang.nguyen) [Orabug: 16397197]
- floppy: Cleanup disk->queue before calling put_disk() if add_disk() was
never
called (Vivek Goyal) [Orabug: 16040504]

See also :

https://oss.oracle.com/pipermail/el-errata/2013-April/003407.html
https://oss.oracle.com/pipermail/el-errata/2013-April/003406.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 68850 ()

Bugtraq ID: 57838
57986
58200
58427

CVE ID: CVE-2013-0268
CVE-2013-0871
CVE-2013-0913
CVE-2013-1773