Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3103)

Medium Nessus Plugin ID 80004

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

kernel-uek [3.8.13-55.1.1.el7uek]
- ALSA: control: Protect user controls against concurrent access (Lars-Peter Clausen) [Orabug: 20192540] {CVE-2014-4652}
- target/rd: Refactor rd_build_device_space + rd_release_device_space (Nicholas Bellinger) [Orabug: 20192516] {CVE-2014-4027}
- HID: logitech: perform bounds checking on device_id early enough (Jiri Kosina) [Orabug: 20192477] {CVE-2014-3182}
- udf: Avoid infinite loop when processing indirect ICBs (Jan Kara) [Orabug: 20192448] {CVE-2014-6410}
- ALSA: control: Make sure that id->index does not overflow (Lars-Peter Clausen) [Orabug: 20192416] {CVE-2014-4656}
- ALSA: control: Handle numid overflow (Lars-Peter Clausen) [Orabug: 20192367] {CVE-2014-4656}
- HID: picolcd: sanity check report size in raw_event() callback (Jiri Kosina) [Orabug: 20192208] {CVE-2014-3186}
- net: sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [Orabug: 20192058] {CVE-2014-3688}

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2014-December/004715.html

https://oss.oracle.com/pipermail/el-errata/2014-December/004716.html

Plugin Details

Severity: Medium

ID: 80004

File Name: oraclelinux_ELSA-2014-3103.nasl

Version: 1.10

Type: local

Agent: unix

Published: 2014/12/15

Updated: 2019/04/01

Dependencies: 12634, 122878

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.9

Temporal Score: 6

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-55.1.1.el6uek, p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-55.1.1.el7uek, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:6, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/12/11

Vulnerability Publication Date: 2014/06/23

Reference Information

CVE: CVE-2014-3182, CVE-2014-3186, CVE-2014-3688, CVE-2014-4027, CVE-2014-4652, CVE-2014-4656, CVE-2014-6410

BID: 68159, 68163, 68170, 69763, 69770, 69799, 70768