Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2523)

Medium Nessus Plugin ID 68853


The remote Oracle Linux host is missing one or more security updates.


Description of changes:

- Parallel mtrr init between cpus (Zhenzhong Duan) [Orabug: 16777774]
- Merge tag 'v2.6.39-400.21.1.16748891' of git:// into uek-2.6.39-400 (Maxim Uvarov) [Orabug: 16748891]
- xen-blkfront: use a different scatterlist for each request (Roger Pau Monne)
- Fix EN driver to work with newer FWs based on latest mlx4_core (Yuval Shaia) [Orabug: 16748891]

- block: default SCSI command filter does not accomodate commands overlap across device classes (Jamie Iles) [Orabug: 16387137] {CVE-2012-4542}
- Merge tag 'v2.6.39-400.21.1#bug16684527' of git:// into uek-2.6.39-400_errata (Maxim Uvarov) [Orabug: 16684527]
- KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797) (Andy Honig) [Orabug: 16711660] {CVE-2013-1797}
- Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711065] {CVE-2013-0349}
- USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425358] {CVE-2013-1774}
- keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493354] {CVE-2013-1792}
- KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710951] {CVE-2013-1798}
- KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Andy Honig) [Orabug: 16710806] {CVE-2013-1796}
- tmpfs: fix use-after-free of mempolicy object (Greg Thelen) [Orabug: 16515833] {CVE-2013-1767}
- procfs: do not confuse jiffies with cputime64_t (Andreas Schwab) [Orabug: 16673925]
- procfs: do not overflow get_{idle,iowait}_time for nohz (Michal Hocko) [Orabug: 16673925]
- xen/evtchn: Handle VIRQ_TIMER before any other hardirq in event loop. (Keir Fraser) [Orabug: 16093126]
- Fix device removal NULL pointer dereference (Joe Jin) [Orabug: 16684527]
- put stricter guards on queue dead checks (James Bottomley) [Orabug: 16684527]


Update the affected unbreakable enterprise kernel packages.

See Also

Plugin Details

Severity: Medium

ID: 68853

File Name: oraclelinux_ELSA-2013-2523.nasl

Version: $Revision: 1.6 $

Type: local

Agent: unix

Published: 2013/07/12

Modified: 2015/12/01

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:5, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/05/10

Reference Information

CVE: CVE-2012-4542, CVE-2013-0349, CVE-2013-1767, CVE-2013-1774, CVE-2013-1792, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798

BID: 58088, 58112, 58177, 58202, 58368, 58604, 58605, 58607