Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4161)

critical Nessus Plugin ID 110997
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 6.7

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[4.1.12-124.17.1.el7uek]
- block: update integrity interval after queue limits change (Ritika Srivastava) [Orabug: 27586756]
- dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev) [Orabug: 28001529] {CVE-2017-8824} {CVE-2018-1130}
- net/rds: Implement ARP flushing correctly (H&aring kon Bugge) [Orabug: 28219857]
- net/rds: Fix incorrect bigger vs. smaller IP address check (H&aring kon Bugge) [Orabug: 28236599]
- ocfs2: Fix locking for res->tracking and dlm->tracking_list (Ashish Samant) [Orabug: 28256391]
- xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28256487] {CVE-2017-11600} {CVE-2017-11600}

[4.1.12-124.16.6.el7uek]
- add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 27870400]
- mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris Salls) [Orabug: 28242475] {CVE-2017-7616}
- xhci: Fix USB3 NULL pointer dereference at logical disconnect. (Mathias Nyman) [Orabug: 27426023]
- mlx4_core: restore optimal ICM memory allocation (Eric Dumazet) [Orabug: 27718303]
- mlx4_core: allocate ICM memory in page size chunks (Qing Huang) [Orabug: 27718303]
- kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. (mridula shastry) [Orabug: 28078687] {CVE-2018-10124}
- rds: tcp: compute m_ack_seq as offset from ->write_seq (Sowmini Varadhan) [Orabug: 28085214]
- ext4: fix bitmap position validation (Lukas Czerner) [Orabug: 28167032]
- net/rds: Fix bug in failover_group parsing (H&aring kon Bugge) [Orabug: 28198749]
- sctp: verify size of a new chunk in _sctp_make_chunk() (Alexey Kodanev) [Orabug: 28240074] {CVE-2018-5803}

[4.1.12-124.16.5.el7uek]
- netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric Dumazet) [Orabug: 27896802] {CVE-2017-18017}
- kernel/exit.c: avoid undefined behaviour when calling wait4() wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 28049778] {CVE-2018-10087}
- x86/bugs/module: Provide retpoline_modules_only parameter to fail non-retpoline modules (Konrad Rzeszutek Wilk) [Orabug: 28071992]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2018-July/007869.html

https://oss.oracle.com/pipermail/el-errata/2018-July/007870.html

Plugin Details

Severity: Critical

ID: 110997

File Name: oraclelinux_ELSA-2018-4161.nasl

Version: 1.7

Type: local

Agent: unix

Published: 7/11/2018

Updated: 9/27/2019

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

Risk Factor: Critical

VPR Score: 6.7

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*, cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:kernel-uek:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:kernel-uek-debug:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:kernel-uek-debug-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:kernel-uek-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:kernel-uek-doc:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:kernel-uek-firmware:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/10/2018

Vulnerability Publication Date: 4/10/2017

Reference Information

CVE: CVE-2017-11600, CVE-2017-8824, CVE-2017-18017, CVE-2018-10087, CVE-2018-10124, CVE-2018-1130, CVE-2018-5803, CVE-2017-7616