Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3104)

Medium Nessus Plugin ID 80005


The remote Oracle Linux host is missing one or more security updates.


Description of changes:

- HID: magicmouse: sanity check report size in raw_event() callback (Jiri Kosina) [Orabug: 19849355] {CVE-2014-3181}
- ALSA: control: Protect user controls against concurrent access (Lars-Peter Clausen) [Orabug: 20192542] {CVE-2014-4652}
- target/rd: Refactor rd_build_device_space + rd_release_device_space (Nicholas Bellinger) [Orabug: 20192517] {CVE-2014-4027}
- media-device: fix infoleak in ioctl media_enum_entities() (Salva Peir&oacute ) [Orabug: 20192501] {CVE-2014-1739} {CVE-2014-1739}
- udf: Avoid infinite loop when processing indirect ICBs (Jan Kara) [Orabug: 20192449] {CVE-2014-6410}
- ALSA: control: Make sure that id->index does not overflow (Lars-Peter Clausen) [Orabug: 20192418] {CVE-2014-4656}
- ALSA: control: Handle numid overflow (Lars-Peter Clausen) [Orabug: 20192376] {CVE-2014-465}
- HID: picolcd: sanity check report size in raw_event() callback (Jiri Kosina) [Orabug: 20192205] {CVE-2014-3186}
- net: sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [Orabug: 20192059] {CVE-2014-3688}


Update the affected unbreakable enterprise kernel packages.

See Also

Plugin Details

Severity: Medium

ID: 80005

File Name: oraclelinux_ELSA-2014-3104.nasl

Version: $Revision: 1.7 $

Type: local

Agent: unix

Published: 2014/12/15

Modified: 2015/12/01

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.9

Temporal Score: 6

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:5, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/12/11

Reference Information

CVE: CVE-2014-1739, CVE-2014-3181, CVE-2014-3186, CVE-2014-3688, CVE-2014-4027, CVE-2014-4652, CVE-2014-4656, CVE-2014-6410

BID: 68048, 68159, 68163, 68170, 69763, 69770, 69779, 69799, 70768