Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3539)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

Description of changes:

kernel-uek
[4.1.12-61.1.34.el7uek]
- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25698171]
- ksplice: add sysctls for determining Ksplice features. (Jamie Iles)
[Orabug: 25698171]
- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie
Iles) [Orabug: 25698171]
- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini)
[Orabug: 25719659] {CVE-2017-2583} {CVE-2017-2583}
- ext4: store checksum seed in superblock (Darrick J. Wong) [Orabug:
25719728] {CVE-2016-10208}
- ext4: reserve code points for the project quota feature (Theodore
Ts'o) [Orabug: 25719728] {CVE-2016-10208}
- ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug:
25719728] {CVE-2016-10208}
- ext4: clean up feature test macros with predicate functions (Darrick
J. Wong) [Orabug: 25719728] {CVE-2016-10208}
- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner)
[Orabug: 25719793] {CVE-2017-5986}
- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug:
25720805] {CVE-2017-6214}
- ip: fix IP_CHECKSUM handling (Paolo Abeni) [Orabug: 25720839]
{CVE-2017-6347}
- udp: fix IP_CHECKSUM handling (Eric Dumazet) [Orabug: 25720839]
{CVE-2017-6347}
- udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem
de Bruijn) [Orabug: 25720839] {CVE-2017-6347}
- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy
Whitcroft) [Orabug: 25814641] {CVE-2017-7184}
- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
(Andy Whitcroft) [Orabug: 25814641] {CVE-2017-7184}
- block: fix use-after-free in seq file (Vegard Nossum) [Orabug:
25877509] {CVE-2016-7910}

See also :

https://oss.oracle.com/pipermail/el-errata/2017-April/006859.html
https://oss.oracle.com/pipermail/el-errata/2017-April/006860.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 99389

CVE ID: CVE-2016-10208
CVE-2016-7910
CVE-2017-2583
CVE-2017-5986
CVE-2017-6214
CVE-2017-6347
CVE-2017-7184
