Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2011-2024)

Medium Nessus Plugin ID 68420


The remote Oracle Linux host is missing one or more security updates.


Description of changes:

- Revert change to restore DEFAULTKERNEL

- Add -u parameter to kernel_variant_post to make it work properly for uek [orabug 12819958]

- Restore DEFAULTKERNEL value to 'kernel-uek' [orabug 12819958]

- make default kernel kernel-uek (Kevin Lyons) [orabug 12803424]

- SCSI: Fix oops dereferencing queue (Martin K. Petersen) [orabug 12741636]

- inet_diag: fix inet_diag_bc_audit() (Eric Dumazet) [CVE-2011-2213]

- block: export blk_{get,put}_queue() (Jens Axboe)
- [SCSI] Fix oops caused by queue refcounting failure (James Bottomley)
- [dm-mpath] maintain reference count for underlying devices (Martin K. Petersen)

- [net] gre: fix netns vs proto registration ordering {CVE-2011-1767}
- [net] tunnels: fix netns vs proto registration ordering {CVE-2011-1768}
- [rps] don't free rx_queue until netdevice is freed (Dave Kleikamp) [orabug 11071685]

- Add entropy generation to nics (John Sobecki) [10622900]
- [SCSI] compat_ioct: fix bsg SG_IO [orabug 12732464]
- ipc/sem.c: error path in try_atomic_semop() left spinlock locked

- update kabi

- block: Fix double free in blk_integrity_unregister [orabug 12707880]
- block: Make the integrity mapped property a bio flag [orabug 12707880]
- dm mpath: do not fail paths after integrity errors [orabug 12707880]
- dm ioctl: refactor dm_table_complete [orabug 12707880]
- block: Require subsystems to explicitly allocate bio_set integrity mempool [orabug 12707880]
- dm: improve block integrity support [orabug 12707880]
- sd: Update protection mode strings [orabug 12707880]
- [SCSI] fix propogation of integrity errors [orabug 12707880]
- [SCSI] modify change_queue_depth to take in reason why it is being called [orabug 12707880]
- [SCSI] scsi error: have scsi-ml call change_queue_depth to handle QUEUE_FULL [orabug 12707880]
- [SCSI] add queue_depth ramp up code [orabug 12707880]
- [SCSI] scsi_dh: Change the scsidh_activate interface to be asynchronous [orabug 12707880]
- [SCSI] add queue_depth ramp up code [orabug 12707880]
- [SCSI] scsi_dh: Change the scsidh_activate interface to be asynchronous [orabug 12707880]
- SCSI: Updated RDAC device handler [orabug 12707880]
- [SCSI] scsi_dh: propagate SCSI device deletion [orabug 12707880]
- [SCSI] scsi_dh: fix reference counting in scsi_dh_activate error path [orabug 12707880]
- qla2xxx: Driver update from QLogic [orabug 12707880]
- lpfc driver update from Emulex [orabug 12707880]
- Add Hydra (hxge) support [orabug 12314121]
- update hxge to 1.3.1 [orabug 12314121]
- Hide mwait, TSC invariance and MTRR capability in published CPUID

- [config] Revert 'Add some usb devices supported'
- [config] make all usb drivers part of the kernel.
- [fs] NFS: Don't SIGBUS if nfs_vm_page_mkwrite races with a cache invalidation [orabug 10435482]

- [config] Add some usb devices supported.

- update kabi changes and revision to -200 series


Update the affected unbreakable enterprise kernel packages.

See Also

Plugin Details

Severity: Medium

ID: 68420

File Name: oraclelinux_ELSA-2011-2024.nasl

Version: 1.11

Type: local

Agent: unix

Published: 2013/07/12

Updated: 2019/10/25

Dependencies: 12634, 122878

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.4

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, p-cpe:/a:oracle:linux:kernel-uek-headers, p-cpe:/a:oracle:linux:ofa-2.6.32-200.16.1.el6uek, p-cpe:/a:oracle:linux:ofa-2.6.32-200.16.1.el6uekdebug, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2011/08/24

Vulnerability Publication Date: 2011/08/29

Reference Information

CVE: CVE-2011-1767, CVE-2011-1768, CVE-2011-2213