Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2513)

High Nessus Plugin ID 68850


The remote Oracle Linux host is missing one or more security updates.


Description of changes:

- SPEC: v2.6.39-400.21.1 (Maxim Uvarov)
- xen/mmu: On early bootup, flush the TLB when changing RO->RW bits Xen provided pagetables. (Konrad Rzeszutek Wilk)

- SPEC: v2.6.39-400.20.1 (Maxim Uvarov)
- PCI: Set device power state to PCI_D0 for device without native PM support (Ajaykumar Hotchandani) [Orabug: 16482495]
- sched: Fix cgroup movement of waking process (Daisuke Nishimura) [Orabug: 13740515]
- sched: Fix cgroup movement of newly created process (Daisuke Nishimura) [Orabug: 13740515]
- sched: Fix cgroup movement of forking process (Daisuke Nishimura) [Orabug: 13740515]

- IB/core: Allow device-specific per-port sysfs files (Ralph Campbell)
- RDMA/cma: Pass QP type into rdma_create_id() (Sean Hefty)
- IB: Rename RAW_ETY to RAW_ETHERTYPE (Aleksey Senin)
- IB: Warning Resolution. (Ajaykumar Hotchandani)
- mlx4_core: fix FMR flags in free MTT range (Saeed Mahameed)
- mlx4_core/ib: sriov fmr bug fixes (Saeed Mahameed)
- mlx4_core: Change bitmap allocator to work in round-robin fashion (Saeed Mahameed)
- mlx4_vnic: move host admin vnics to closed state when closing the vnic.
(Saeed Mahameed)
- mlx4_ib: make sure to flush clean_wq while closing sriov device (Saeed Mahameed)
- ib_sdp: fix deadlock when sdp_cma_handler is called while socket is being closed (Saeed Mahameed)
- ib_sdp: add unhandled events to rdma_cm_event_str (Saeed Mahameed)
- mlx4_core: use dev->sriov instead of hardcoed 127 vfs when initializing FMR MPT tables (Saeed Mahameed)
- mlx4_vnic: print vnic keep alive info in mlx4_vnic_info (Saeed Mahameed)
- rds: Congestion flag does not get cleared causing the connection to hang (Bang Nguyen) [Orabug: 16424692]
- dm table: set flush capability based on underlying devices (Mike Snitzer) [Orabug: 16392584]
- wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED task (Oleg Nesterov) [Orabug: 16405869] {CVE-2013-0871}
- ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [Orabug: 16405869] {CVE-2013-0871}
- ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg Nesterov) [Orabug: 16405869] {CVE-2013-0871}
- drm/i915: bounds check execbuffer relocation count (Kees Cook) [Orabug:
16482650] {CVE-2013-0913}
- NLS: improve UTF8 -> UTF16 string conversion routine (Alan Stern) [Orabug:
16425571] {CVE-2013-1773}
- ipmi: make kcs timeout parameters as module options (Pavel Bures) [Orabug:
- drm/i915/lvds: ditch ->prepare special case (Daniel Vetter) [Orabug:
- drm/i915: Leave LVDS registers unlocked (Keith Packard) [Orabug: 14394113]
- drm/i915: don't clobber the pipe param in sanitize_modesetting (Daniel Vetter) [Orabug: 14394113]
- drm/i915: Sanitize BIOS debugging bits from PIPECONF (Chris Wilson) [Orabug:

- SPEC: fix doc build (Guru Anbalagane)
- floppy: Fix a crash during rmmod (Vivek Goyal) [Orabug: 16040504]
- x86: ignore changes to paravirt_lazy_mode while in an interrupt context (Chuck Anderson) [Orabug: 16417326]
- x86/msr: Add capabilities check (Alan Cox) [Orabug: 16405007] {CVE-2013-0268}
- spec: unique debuginfo (Maxim Uvarov) [Orabug: 16245366]
- xfs: Use preallocation for inodes with extsz hints (Dave Chinner) [Orabug:
- Add SIOCRDSGETTOS to get the current TOS for the socket (bang.nguyen) [Orabug: 16397197]
- Changes to connect/TOS interface (bang.nguyen) [Orabug: 16397197]
- floppy: Cleanup disk->queue before calling put_disk() if add_disk() was never called (Vivek Goyal) [Orabug: 16040504]


Update the affected unbreakable enterprise kernel packages.

See Also

Plugin Details

Severity: High

ID: 68850

File Name: oraclelinux_ELSA-2013-2513.nasl

Version: $Revision: 1.8 $

Type: local

Agent: unix

Published: 2013/07/12

Modified: 2015/12/01

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:5, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/04/12

Exploitable With


Reference Information

CVE: CVE-2013-0268, CVE-2013-0871, CVE-2013-0913, CVE-2013-1773

BID: 57838, 57986, 58200, 58427