Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3074)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

Description of changes:

[2.6.39-400.215.10.el6uek]
- auditsc: audit_krule mask accesses need bounds checking (Andy
Lutomirski) [Orabug: 19590597] {CVE-2014-3917}

[2.6.39-400.215.9.el6uek]
- oracleasm: Add support for new error return codes from block/SCSI
(Martin K. Petersen) [Orabug: 18438934]

[2.6.39-400.215.8.el6uek]
- ib_ipoib: CSUM support in connected mode (Yuval Shaia) [Orabug:
18692878] - net: Reduce high cpu usage in bonding driver by do_csum
(Venkat Venkatsubra) [Orabug: 18141731] - [random] Partially revert
6d7c7e49: random: make 'add_interrupt_randomness() (John Sobecki)
[Orabug: 17740293] - oracleasm: claim FMODE_EXCL access on disk during
asm_open (Srinivas Eeda) [Orabug: 19453460] - notify block layer when
using temporary change to cache_type (Vaughan Cao) [Orabug: 19448451] -
sd: Fix parsing of 'temporary ' cache mode prefix (Ben Hutchings)
[Orabug: 19448451] - sd: fix array cache flushing bug causing
performance problems (James Bottomley) [Orabug: 19448451] - block: fix
max discard sectors limit (James Bottomley) [Orabug: 18961244] -
xen-netback: fix deadlock in high memory pressure (Junxiao Bi) [Orabug:
18959416] - sdp: fix keepalive functionality (shamir rabinovitch)
[Orabug: 18728784] - SELinux: Fix possible NULL pointer dereference in
selinux_inode_permission() (Steven Rostedt) [Orabug: 18552029] -
refcount: take rw_lock in ocfs2_reflink (Wengang Wang) [Orabug:
18406219] - ipv6: check return value for dst_alloc (Madalin Bucur)
[Orabug: 17865160] - cciss: bug fix to prevent cciss from loading in
kdump crash kernel (Mike Miller) [Orabug: 17740446] - configfs: fix
race between dentry put and lookup (Junxiao Bi) [Orabug: 17627075]

See also :

https://oss.oracle.com/pipermail/el-errata/2014-September/004422.html
https://oss.oracle.com/pipermail/el-errata/2014-September/004423.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Low / CVSS Base Score : 3.3
(CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P)
CVSS Temporal Score : 2.9
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 77625 ()

Bugtraq ID: 67699

CVE ID: CVE-2014-3917

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now