Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. VPR is distinct from CVSS.
VPR Score: 4.4
Synopsis
The remote OracleVM host is missing one or more security updates.
Description
The remote OracleVM system is missing necessary patches to address critical security updates:
CVE-2008-3528 The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 184.108.40.206 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.
CVE-2008-5700 libata in the Linux kernel before 220.127.116.11 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.
CVE-2009-0028 The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.
CVE-2009-0322 drivers/firmware/dell_rbu.c in the Linux kernel before 18.104.22.168, and 2.6.28.x before 22.214.171.124, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/.
CVE-2009-0675 The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 126.96.36.199 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an 'inverted logic' issue.
CVE-2009-0676 The sock_getsockopt function in net/core/sock.c in the Linux kernel before 188.8.131.52 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.
- CVE-2008-3528 - [fs] ext: directory corruption DoS (Eugene Teo)
- CVE-2008-5700 - [block] enforce a minimum SG_IO timeout (Eugene Teo)
- CVE-2009-0322 - [firmware] dell_rbu: prevent oops (Don Howard)
- CVE-2009-0028 - [misc] minor signal handling vulnerability (Oleg Nesterov) [479963 479964]
- CVE-2009-0676 - [net] memory disclosure in SO_BSDCOMPAT gsopt (Eugene Teo) [486517 486518]
- CVE-2009-0675 - [net] skfp_ioctl inverted logic flaw (Eugene Teo)
- CVE-2009-0778 - not required
- CVE-2009-0269 - not required
- Enable enic
- Finish porting infrastructure for fnic but disable it on 32bit
- Add netconsole support for bonding in dom0 (Tina Yang) [orabug 8231228]
- Add Cisco fnic/enic support, requires fc infrastructure from el5u3
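Two of the bug patterns described above, the inverted capability check behind CVE-2009-0675 and the partially initialised value copied to userspace behind CVE-2009-0676, modelled side by side with their corrected forms in a small self-contained C program. This is an added illustration, not kernel source and not Tenable's plugin code: `struct task_ctx`, `capable_net_admin()`, the `union sockopt_val` layout, the pre-poisoned "stale stack" buffer and the function names are all constructed stand-ins, and the vulnerable variants reproduce only the shape of each defect as the advisory describes it, not the driver or socket code itself.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the kernel's capability check (not the real cred API). */
struct task_ctx { bool has_net_admin; };
static bool capable_net_admin(const struct task_ctx *t) { return t->has_net_admin; }

enum { SKFP_GET_STATS = 1, SKFP_CLR_STATS = 2 };
enum { ERR_PERM = 1, ERR_INVAL = 22 };

/* Shape of CVE-2009-0675: the privilege test has the wrong sense, so an
 * unprivileged caller may reset the statistics and a privileged one is refused.
 * Returns 0 on success or a negative error code; *cleared is set on a reset. */
static int skfp_ioctl_inverted(const struct task_ctx *t, int cmd, int *cleared)
{
    switch (cmd) {
    case SKFP_GET_STATS:
        return 0;
    case SKFP_CLR_STATS:
        if (!capable_net_admin(t)) {   /* BUG: the negation is inverted */
            *cleared = 1;
            return 0;
        }
        return -ERR_PERM;
    default:
        return -ERR_INVAL;
    }
}

/* Corrected form: only a caller holding CAP_NET_ADMIN may clear the counters. */
static int skfp_ioctl_fixed(const struct task_ctx *t, int cmd, int *cleared)
{
    switch (cmd) {
    case SKFP_GET_STATS:
        return 0;
    case SKFP_CLR_STATS:
        if (capable_net_admin(t)) {
            *cleared = 1;
            return 0;
        }
        return -ERR_PERM;
    default:
        return -ERR_INVAL;
    }
}

/* Constructed model of a getsockopt value union: the handler fills only 'val'
 * but copies the whole union out, so the remainder is whatever was on the stack. */
union sockopt_val {
    int val;
    struct { int a; int b; } pair;
};

/* 'stale' simulates the stack contents before the local is written (the caller
 * fills it with a recognisable byte pattern). Returns the number of bytes copied out. */
static size_t getsockopt_leaky(const unsigned char *stale, unsigned char *user_buf)
{
    union sockopt_val v;
    memcpy(&v, stale, sizeof v);      /* model: v starts out holding stale data */
    v.val = 1;                        /* only the first member is set */
    memcpy(user_buf, &v, sizeof v);   /* BUG: the unset bytes are copied too */
    return sizeof v;
}

/* Corrected form, the usual fix for this class: zero the whole value before filling it. */
static size_t getsockopt_fixed(const unsigned char *stale, unsigned char *user_buf)
{
    union sockopt_val v;
    memcpy(&v, stale, sizeof v);
    memset(&v, 0, sizeof v);          /* no stale bytes survive */
    v.val = 1;
    memcpy(user_buf, &v, sizeof v);
    return sizeof v;
}

/* Count bytes after the first member that still carry the stale pattern. */
static size_t leaked_bytes(const unsigned char *user_buf, size_t n, unsigned char stale)
{
    size_t count = 0;
    for (size_t i = sizeof(int); i < n; i++)
        if (user_buf[i] == stale)
            count++;
    return count;
}

int main(void)
{
    struct task_ctx unpriv = { false };
    int cleared = 0;
    printf("inverted check, unprivileged CLR_STATS: rc=%d cleared=%d\n",
           skfp_ioctl_inverted(&unpriv, SKFP_CLR_STATS, &cleared), cleared);
    cleared = 0;
    printf("fixed check, unprivileged CLR_STATS:    rc=%d cleared=%d\n",
           skfp_ioctl_fixed(&unpriv, SKFP_CLR_STATS, &cleared), cleared);

    unsigned char stale[sizeof(union sockopt_val)], out[sizeof(union sockopt_val)];
    memset(stale, 0xAA, sizeof stale);              /* constructed "old kernel data" */
    getsockopt_leaky(stale, out);
    printf("leaky getsockopt: %zu stale bytes reach userspace\n", leaked_bytes(out, sizeof out, 0xAA));
    getsockopt_fixed(stale, out);
    printf("fixed getsockopt: %zu stale bytes reach userspace\n", leaked_bytes(out, sizeof out, 0xAA));
    return 0;
}
```

The stale-stack buffer is a modelling device: real stack contents are undefined, so the program seeds them explicitly to make the leak observable and the fix verifiable. In review, both defects are cheap to catch by habit: negated capability checks deserve a second look, and any value copied to userspace should be fully initialised (memset or a designated initialiser) before the fields are set.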
Solution
Update the affected packages.