Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2010)

Medium Nessus Plugin ID 68414


The remote Oracle Linux host is missing one or more security updates.


Description of changes:

- sync up with uek6 version

- [block] check for proper length of iov entries earlier in blk_rq_map_user_iov (Xiaotian Feng) {CVE-2010-4668}
- scm: lower SCM_MAX_FD (Eric Dumazet) {CVE-2010-4249}
- perf_events: Fix perf_counter_mmap() hook in mprotect() (Pekka Enberg) {CVE-2010-4169}
- tcp: Increase TCP_MAXSEG socket option minimum (David S. Miller) {CVE-2010-4165}
- Enable module force load option [orabug 11782146]
- Enable vmw balloon and pvscsi (Guru Anbalagane) [orabug 11697522]
- fix hpilo module option in config

- build from git


Update the affected unbreakable enterprise kernel packages.

See Also

Plugin Details

Severity: Medium

ID: 68414

File Name: oraclelinux_ELSA-2011-2010.nasl

Version: $Revision: 1.7 $

Type: local

Agent: unix

Published: 2013/07/12

Modified: 2016/04/29

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, p-cpe:/a:oracle:linux:kernel-uek-headers, p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.9.el5, p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.9.el5debug, cpe:/o:oracle:linux:5, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/03/18

Reference Information

CVE: CVE-2010-4165, CVE-2010-4169, CVE-2010-4249, CVE-2010-4668