Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4227)

Medium Nessus Plugin ID 117769


The remote Oracle Linux host is missing one or more security updates.


Description of changes:

- nsfs: mark dentry with DCACHE_RCUACCESS (Cong Wang) [Orabug:
28576290] {CVE-2018-5873}
- dm crypt: add middle-endian variant of plain64 IV (Konrad Rzeszutek
Wilk) [Orabug: 28604628]
- IB/ipoib: Improve filtering log message (Yuval Shaia) [Orabug: 28655409]
- IB/ipoib: Fix wrong update of arp_blocked counter (Yuval Shaia)
[Orabug: 28655409]
- IB/ipoib: Update RX counters after ACL filtering (Yuval Shaia)
[Orabug: 28655409]
- IB/ipoib: Filter RX packets before adding pseudo header (Yuval Shaia)
[Orabug: 28655409]
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott
Bauer) [Orabug: 28664501] {CVE-2018-16658}
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
(Seunghun Han) [Orabug: 28664577] {CVE-2017-13695}
- uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor
Erminpour) [Orabug: 28680213]


Update the affected unbreakable enterprise kernel packages.

See Also

Plugin Details

Severity: Medium

ID: 117769

File Name: oraclelinux_ELSA-2018-4227.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2018/09/27

Modified: 2018/09/27

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:6, cpe:/o:oracle:linux:7

Patch Publication Date: 2018/09/26

Reference Information

CVE: CVE-2017-13695, CVE-2018-16658, CVE-2018-5873