Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3035)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

Description of changes:

kernel-uek
[3.8.13-68.2.2.el7uek]

* crypto: aesni

* fix memory usage in GCM decryption (Stephan Mueller)
[Orabug: 21077385] {CVE-2015-3331}

[3.8.13-68.2.1.el7uek]

* xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad
Rzeszutek Wilk) [Orabug: 20807438] {CVE-2015-2150}

* xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne)
[Orabug: 20860817]

* Doc/cpu-hotplug: Specify race-free way to
register CPU hotplug callbacks (Srivatsa S. Bhat) [Orabug: 20917697]

*
net/iucv/iucv.c: Fix CPU hotplug callback registration (Srivatsa S.
Bhat) [Orabug: 20917697]

* net/core/flow.c: Fix CPU hotplug callback
registration (Srivatsa S. Bhat) [Orabug: 20917697]

* mm, vmstat: Fix
CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* profile: Fix CPU hotplug callback registration (Srivatsa S. Bhat)
[Orabug: 20917697]

* trace, ring-buffer: Fix CPU hotplug callback
registration (Srivatsa S. Bhat) [Orabug: 20917697]

* hwmon,
via-cputemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat)
[Orabug: 20917697]

* hwmon, coretemp: Fix CPU hotplug callback
registration (Srivatsa S. Bhat) [Orabug: 20917697]

* octeon, watchdog:
Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug:
20917697]

* oprofile, nmi-timer: Fix CPU hotplug callback registration
(Srivatsa S. Bhat) [Orabug: 20917697]

* intel-idle: Fix CPU hotplug
callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

*
drivers/base/topology.c: Fix CPU hotplug callback registration (Srivatsa
S. Bhat) [Orabug: 20917697]

* acpi-cpufreq: Fix CPU hotplug callback
registration (Srivatsa S. Bhat) [Orabug: 20917697]

* scsi, fcoe: Fix
CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* scsi, bnx2fc: Fix CPU hotplug callback registration (Srivatsa S. Bhat)
[Orabug: 20917697]

* scsi, bnx2i: Fix CPU hotplug callback
registration (Srivatsa S. Bhat) [Orabug: 20917697]

* arm64,
debug-monitors: Fix CPU hotplug callback registration (Srivatsa S. Bhat)
[Orabug: 20917697]

* arm64, hw_breakpoint.c: Fix CPU hotplug callback
registration (Srivatsa S. Bhat) [Orabug: 20917697]

* x86, kvm: Fix CPU
hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

*
x86, oprofile, nmi: Fix CPU hotplug callback registration (Srivatsa S.
Bhat) [Orabug: 20917697]

* x86, pci, amd-bus: Fix CPU hotplug callback
registration (Srivatsa S. Bhat) [Orabug: 20917697]

* x86, hpet: Fix CPU
hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

*
x86, intel, cacheinfo: Fix CPU hotplug callback registration (Srivatsa
S. Bhat) [Orabug: 20917697]

* x86, amd, ibs: Fix CPU hotplug callback
registration (Srivatsa S. Bhat) [Orabug: 20917697]

* x86,
therm_throt.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat)
[Orabug: 20917697]

* x86, mce: Fix CPU hotplug callback registration
(Srivatsa S. Bhat) [Orabug: 20917697]

* x86, intel, uncore: Fix CPU
hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

*
x86, vsyscall: Fix CPU hotplug callback registration (Srivatsa S. Bhat)
[Orabug: 20917697]

* x86, cpuid: Fix CPU hotplug callback registration
(Srivatsa S. Bhat) [Orabug: 20917697]

* x86, msr: Fix CPU hotplug
callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* powerpc,
sysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat)
[Orabug: 20917697]

* sparc, sysfs: Fix CPU hotplug callback registration
(Srivatsa S. Bhat) [Orabug: 20917697]

* s390, smp: Fix CPU hotplug
callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* s390,
cacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat)
[Orabug: 20917697]

* arm, hw-breakpoint: Fix CPU hotplug callback
registration (Srivatsa S. Bhat) [Orabug: 20917697]

* ia64, err-inject:
Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug:
20917697]

* ia64, topology: Fix CPU hotplug callback registration
(Srivatsa S. Bhat) [Orabug: 20917697]

* ia64, palinfo: Fix CPU hotplug
callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* CPU
hotplug, perf: Fix CPU hotplug callback registration (Srivatsa S. Bhat)
[Orabug: 20917697]

* CPU hotplug: Provide lockless versions of
callback registration functions (Srivatsa S. Bhat) [Orabug: 20917697]

*
isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug:
20930551] {CVE-2014-9584}

* KEYS: close race between key lookup and freeing (Sasha Levin)
[Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529}

* mm: memcg: do not allow task about to OOM kill to bypass the limit
(Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}

* mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes
Weiner) [Orabug: 20930539] {CVE-2014-8171}

* fs: buffer: move allocation failure loop into the allocator (Johannes
Weiner) [Orabug: 20930539] {CVE-2014-8171}

* mm: memcg: handle non-error OOM situations more gracefully (Johannes
Weiner) [Orabug: 20930539] {CVE-2014-8171}

* mm: memcg: do not trap chargers with full callstack on OOM (Johannes
Weiner) [Orabug: 20930539] {CVE-2014-8171}

* mm: memcg: rework and document OOM waiting and wakeup (Johannes
Weiner) [Orabug: 20930539] {CVE-2014-8171}

* mm: memcg: enable memcg OOM killer only for user faults (Johannes
Weiner) [Orabug: 20930539] {CVE-2014-8171}

* x86: finish user fault error path with fatal signal (Johannes Weiner)
[Orabug: 20930539] {CVE-2014-8171}

* arch: mm: pass userspace fault flag to generic fault handler (Johannes
Weiner) [Orabug: 20930539] {CVE-2014-8171}

* selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID.
(Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215}

* IB/core: Prevent integer overflow in ib_umem_get address arithmetic
(Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} {CVE-2014-8159}

See also :

https://oss.oracle.com/pipermail/el-errata/2015-May/005069.html
https://oss.oracle.com/pipermail/el-errata/2015-May/005070.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 83448 ()

Bugtraq ID: 67341
71880
71883
73014
73060
74235
74293

CVE ID: CVE-2014-3215
CVE-2014-8159
CVE-2014-8171
CVE-2014-9529
CVE-2014-9584
CVE-2015-2150
CVE-2015-3331

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now