Oracle Linux 6 : kernel (ELSA-2015-2636)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

From Red Hat Security Advisory 2015:2636 :

Updated kernel packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's file system
implementation handled rename operations in which the source was
inside and the destination was outside of a bind mount. A privileged
user inside a container could use this flaw to escape the bind mount
and, potentially, escalate their privileges on the system.
(CVE-2015-2925, Important)

* It was found that the x86 ISA (Instruction Set Architecture) is
prone to a denial of service attack inside a virtualized environment
in the form of an infinite loop in the microcode due to the way
(sequential) delivering of benign exceptions such as #AC (alignment
check exception) and #DB (debug exception) is handled. A privileged
user inside a guest could use these flaws to create denial of service
conditions on the host kernel. (CVE-2015-5307, CVE-2015-8104,
Important)

* A race condition flaw was found in the way the Linux kernel's IPC
subsystem initialized certain fields in an IPC object structure that
were later used for permission checking before inserting the object
into a globally visible list. A local, unprivileged user could
potentially use this flaw to elevate their privileges on the system.
(CVE-2015-7613, Important)

* It was found that the Linux kernel's keys subsystem did not
correctly garbage collect uninstantiated keyrings. A local attacker
could use this flaw to crash the system or, potentially, escalate
their privileges on the system. (CVE-2015-7872, Important)

Red Hat would like to thank Ben Serebrin of Google Inc. for reporting
the CVE-2015-5307 issue.

This update also fixes the following bugs :

* Previously, Human Interface Device (HID) ran a report on an
unaligned buffer, which could cause a page fault interrupt and an oops
when the end of the report was read. This update fixes this bug by
padding the end of the report with extra bytes, so the reading of the
report never crosses a page boundary. As a result, a page fault and
subsequent oops no longer occur. (BZ#1268203)

* The NFS client was previously failing to detect a directory loop for
some NFS server directory structures. This failure could cause NFS
inodes to remain referenced after attempting to unmount the file
system, leading to a kernel crash. Loop checks have been added to VFS,
which effectively prevents this problem from occurring. (BZ#1272858)

* Due to a race whereby the nfs_wb_pages_cancel() and
nfs_commit_release_pages() calls both removed a request from the
nfs_inode struct type, the kernel panicked with negative
nfs_inode.npages count. The provided upstream patch performs the
required serialization by holding the inode i_lock over the check of
PagePrivate and locking the request, thus preventing the race and
kernel panic from occurring. (BZ#1273721)

* Due to incorrect URB_ISO_ASAP semantics, playing an audio file using
a USB sound card could previously fail for some hardware
configurations. This update fixes the bug, and playing audio from a
USB sound card now works as expected. (BZ#1273916)

* Inside hugetlb, region data structures were protected by a
combination of a memory map semaphore and a single hugetlb instance
mutex. However, a page-fault scalability improvement backported to the
kernel on previous releases removed the single hugetlb instance mutex
and introduced a new mutex table, making the locking combination
insufficient, leading to possible race windows that could cause
corruption and undefined behavior. This update fixes the problem by
introducing a required spinlock to the region tracking functions for
proper serialization. The problem only affects software using huge
pages through hugetlb interface. (BZ#1274599)

All kernel users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The system
must be rebooted for this update to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2015-December/005638.html

Solution :

Update the affected kernel packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.1
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 87396 ()

Bugtraq ID:

CVE ID: CVE-2015-2925
CVE-2015-5307
CVE-2015-7613
CVE-2015-7872
CVE-2015-8104

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now