Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3074)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

Description of changes:

- auditsc: audit_krule mask accesses need bounds checking (Andy
Lutomirski) [Orabug: 19590597] {CVE-2014-3917}

- oracleasm: Add support for new error return codes from block/SCSI
(Martin K. Petersen) [Orabug: 18438934]

- ib_ipoib: CSUM support in connected mode (Yuval Shaia) [Orabug:
18692878] - net: Reduce high cpu usage in bonding driver by do_csum
(Venkat Venkatsubra) [Orabug: 18141731] - [random] Partially revert
6d7c7e49: random: make 'add_interrupt_randomness() (John Sobecki)
[Orabug: 17740293] - oracleasm: claim FMODE_EXCL access on disk during
asm_open (Srinivas Eeda) [Orabug: 19453460] - notify block layer when
using temporary change to cache_type (Vaughan Cao) [Orabug: 19448451] -
sd: Fix parsing of 'temporary ' cache mode prefix (Ben Hutchings)
[Orabug: 19448451] - sd: fix array cache flushing bug causing
performance problems (James Bottomley) [Orabug: 19448451] - block: fix
max discard sectors limit (James Bottomley) [Orabug: 18961244] -
xen-netback: fix deadlock in high memory pressure (Junxiao Bi) [Orabug:
18959416] - sdp: fix keepalive functionality (shamir rabinovitch)
[Orabug: 18728784] - SELinux: Fix possible NULL pointer dereference in
selinux_inode_permission() (Steven Rostedt) [Orabug: 18552029] -
refcount: take rw_lock in ocfs2_reflink (Wengang Wang) [Orabug:
18406219] - ipv6: check return value for dst_alloc (Madalin Bucur)
[Orabug: 17865160] - cciss: bug fix to prevent cciss from loading in
kdump crash kernel (Mike Miller) [Orabug: 17740446] - configfs: fix
race between dentry put and lookup (Junxiao Bi) [Orabug: 17627075]

See also :

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Low / CVSS Base Score : 3.3
CVSS Temporal Score : 2.9
Public Exploit Available : true

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 77625 ()

Bugtraq ID: 67699

CVE ID: CVE-2014-3917

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now