Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2513)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

Description of changes:

- SPEC: v2.6.39-400.21.1 (Maxim Uvarov)
- xen/mmu: On early bootup, flush the TLB when changing RO->RW bits Xen
provided pagetables. (Konrad Rzeszutek Wilk)

- SPEC: v2.6.39-400.20.1 (Maxim Uvarov)
- PCI: Set device power state to PCI_D0 for device without native PM
support (Ajaykumar Hotchandani) [Orabug: 16482495]
- sched: Fix cgroup movement of waking process (Daisuke Nishimura)
[Orabug: 13740515]
- sched: Fix cgroup movement of newly created process (Daisuke
Nishimura) [Orabug: 13740515]
- sched: Fix cgroup movement of forking process (Daisuke Nishimura)
[Orabug: 13740515]

- IB/core: Allow device-specific per-port sysfs files (Ralph Campbell)
- RDMA/cma: Pass QP type into rdma_create_id() (Sean Hefty)
- IB: Rename RAW_ETY to RAW_ETHERTYPE (Aleksey Senin)
- IB: Warning Resolution. (Ajaykumar Hotchandani)
- mlx4_core: fix FMR flags in free MTT range (Saeed Mahameed)
- mlx4_core/ib: sriov fmr bug fixes (Saeed Mahameed)
- mlx4_core: Change bitmap allocator to work in round-robin fashion (Saeed
- mlx4_vnic: move host admin vnics to closed state when closing the vnic.
(Saeed Mahameed)
- mlx4_ib: make sure to flush clean_wq while closing sriov device (Saeed
- ib_sdp: fix deadlock when sdp_cma_handler is called while socket is being
closed (Saeed Mahameed)
- ib_sdp: add unhandled events to rdma_cm_event_str (Saeed Mahameed)
- mlx4_core: use dev->sriov instead of hardcoed 127 vfs when
initializing FMR
MPT tables (Saeed Mahameed)
- mlx4_vnic: print vnic keep alive info in mlx4_vnic_info (Saeed Mahameed)
- rds: Congestion flag does not get cleared causing the connection to hang
(Bang Nguyen) [Orabug: 16424692]
- dm table: set flush capability based on underlying devices (Mike Snitzer)
[Orabug: 16392584]
- wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED
(Oleg Nesterov) [Orabug: 16405869] {CVE-2013-0871}
- ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL
Nesterov) [Orabug: 16405869] {CVE-2013-0871}
- ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg
Nesterov) [Orabug: 16405869] {CVE-2013-0871}
- drm/i915: bounds check execbuffer relocation count (Kees Cook) [Orabug:
16482650] {CVE-2013-0913}
- NLS: improve UTF8 -> UTF16 string conversion routine (Alan Stern) [Orabug:
16425571] {CVE-2013-1773}
- ipmi: make kcs timeout parameters as module options (Pavel Bures) [Orabug:
- drm/i915/lvds: ditch ->prepare special case (Daniel Vetter) [Orabug:
- drm/i915: Leave LVDS registers unlocked (Keith Packard) [Orabug: 14394113]
- drm/i915: don't clobber the pipe param in sanitize_modesetting (Daniel
Vetter) [Orabug: 14394113]
- drm/i915: Sanitize BIOS debugging bits from PIPECONF (Chris Wilson)

- SPEC: fix doc build (Guru Anbalagane)
- floppy: Fix a crash during rmmod (Vivek Goyal) [Orabug: 16040504]
- x86: ignore changes to paravirt_lazy_mode while in an interrupt context
(Chuck Anderson) [Orabug: 16417326]
- x86/msr: Add capabilities check (Alan Cox) [Orabug: 16405007]
- spec: unique debuginfo (Maxim Uvarov) [Orabug: 16245366]
- xfs: Use preallocation for inodes with extsz hints (Dave Chinner) [Orabug:
- Add SIOCRDSGETTOS to get the current TOS for the socket (bang.nguyen)
[Orabug: 16397197]
- Changes to connect/TOS interface (bang.nguyen) [Orabug: 16397197]
- floppy: Cleanup disk->queue before calling put_disk() if add_disk() was
called (Vivek Goyal) [Orabug: 16040504]

See also :

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
CVSS Temporal Score : 5.6
Public Exploit Available : true

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 68850 ()

Bugtraq ID: 57838

CVE ID: CVE-2013-0268

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now