Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3533)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

Description of changes:

[4.1.12-61.1.33.el7uek]
- Revert 'x86/mm: Expand the exception table logic to allow new handling
options' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644}
- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug:
25790387] {CVE-2016-9644}

[4.1.12-61.1.32.el7uek]
- x86/mm: Expand the exception table logic to allow new handling options
(Tony Luck) [Orabug: 25790387] {CVE-2016-9644}

[4.1.12-61.1.31.el7uek]
- rebuild bumping release

[4.1.12-61.1.30.el7uek]
- net: ping: check minimum size on ICMP header length (Kees Cook)
[Orabug: 25766898] {CVE-2016-8399} {CVE-2016-8399}
- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al
Viro) [Orabug: 25765436] {CVE-2016-10088}
- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang)
[Orabug: 25751984] {CVE-2017-7187}

[4.1.12-61.1.29.el7uek]
- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug:
25696677] {CVE-2017-2636}
- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug:
25696677] {CVE-2017-2636}
- If Slot Status indicates changes in both Data Link Layer Status and
Presence Detect, prioritize the Link status change. (Jack Vogel)
[Orabug: 25353783]
- PCI: pciehp: Leave power indicator on when enabling already-enabled
slot (Ashok Raj) [Orabug: 25353783]
- firewire: net: guard against rx buffer overflows (Stefan Richter)
[Orabug: 25451520] {CVE-2016-8633}
- usbnet: cleanup after bind() in probe() (Oliver Neukum) [Orabug:
25463898] {CVE-2016-3951}
- cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (Bj&oslash rn Mork)
[Orabug: 25463898] {CVE-2016-3951}
- cdc_ncm: Add support for moving NDP to end of NCM frame (Enrico Mioso)
[Orabug: 25463898] {CVE-2016-3951}
- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector
Marco-Gisbert) [Orabug: 25463918] {CVE-2016-3672}
- kvm: fix page struct leak in handle_vmon (Paolo Bonzini) [Orabug:
25507133] {CVE-2017-2596}
- crypto: mcryptd - Check mcryptd algorithm compatibility (tim)
[Orabug: 25507153] {CVE-2016-10147}
- kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)
(Jim Mattson) [Orabug: 25507188] {CVE-2016-9588}
- KVM: x86: drop error recovery in em_jmp_far and em_ret_far (Radim
Kr&#x10D m&aacute &#x159 ) [Orabug: 25507213] {CVE-2016-9756}
- tcp: take care of truncations done by sk_filter() (Eric Dumazet)
[Orabug: 25507226] {CVE-2016-8645}
- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug:
25507226] {CVE-2016-8645}
- tipc: check minimum bearer MTU (Michal Kube&#x10D ek) [Orabug: 25507239]
{CVE-2016-8632} {CVE-2016-8632}
- fix minor infoleak in get_user_ex() (Al Viro) [Orabug: 25507269]
{CVE-2016-9178}
- scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug:
25507319] {CVE-2016-7425}
- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan
Carpenter) [Orabug: 25507319] {CVE-2016-7425}
- tmpfs: clear S_ISGID when setting posix ACLs (Gu Zheng) [Orabug:
25507341] {CVE-2016-7097} {CVE-2016-7097}
- posix_acl: Clear SGID bit when setting file permissions (Jan Kara)
[Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097}
- ext2: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}
- ext4: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}
- mbcache2: reimplement mbcache (Jan Kara) [Orabug: 25512366]
{CVE-2015-8952}
- USB: digi_acceleport: do sanity checking for the number of ports
(Oliver Neukum) [Orabug: 25512466] {CVE-2016-3140}
- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug:
25682419] {CVE-2017-6345}
- net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen)
[Orabug: 25697847]
- ipv4: keep skb->dst around in presence of IP options (Eric Dumazet)
[Orabug: 25698300] {CVE-2017-5970}
- perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race
(Peter Zijlstra) [Orabug: 25698751] {CVE-2017-6001}
- ip6_gre: fix ip6gre_err() invalid reads (Eric Dumazet) [Orabug:
25699015] {CVE-2017-5897}
- mpt3sas: Don't spam logs if logging level is 0 (Johannes Thumshirn)
[Orabug: 25699035]
- xen-netfront: cast grant table reference first to type int (Dongli
Zhang)
- xen-netfront: do not cast grant table reference to signed short
(Dongli Zhang)

See also :

https://oss.oracle.com/pipermail/el-errata/2017-April/006815.html
https://oss.oracle.com/pipermail/el-errata/2017-April/006816.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false