Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2519)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

Description of changes:

[2.6.39-400.21.2.el5uek]
- KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache
functions (CVE-2013-1797) (Andy Honig) [Orabug: 16711660] {CVE-2013-1797}
- Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson
Lizardo) [Orabug: 16711065] {CVE-2013-0349}
- USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch)
[Orabug: 16425358] {CVE-2013-1774}
- keys: fix race with concurrent install_user_keyrings() (David Howells)
[Orabug: 16493354] {CVE-2013-1792}
- KVM: Fix bounds checking in ioapic indirect register reads
(CVE-2013-1798) (Andy Honig) [Orabug: 16710951] {CVE-2013-1798}
- KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME
(CVE-2013-1796) (Andy Honig) [Orabug: 16710806] {CVE-2013-1796}
- tmpfs: fix use-after-free of mempolicy object (Greg Thelen) [Orabug:
16515833] {CVE-2013-1767}

See also :

https://oss.oracle.com/pipermail/el-errata/2013-April/003435.html
https://oss.oracle.com/pipermail/el-errata/2013-April/003434.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 68851 ()

Bugtraq ID: 58112
58177
58202
58368
58604
58605
58607

CVE ID: CVE-2013-0349
CVE-2013-1767
CVE-2013-1774
CVE-2013-1792
CVE-2013-1796
CVE-2013-1797
CVE-2013-1798