Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3105)

Medium Nessus Plugin ID 80006

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

kernel-uek [2.6.32-400.36.12.el6uek]
- HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849320] {CVE-2014-3184}
- ALSA: control: Protect user controls against concurrent access (Lars-Peter Clausen) [Orabug: 20192545] {CVE-2014-4652}
- udf: Avoid infinite loop when processing indirect ICBs (Jan Kara) [Orabug: 20192451] {CVE-2014-6410}
- ALSA: control: Make sure that id->index does not overflow (Lars-Peter Clausen) [Orabug: 20192420] {CVE-2014-4656}
- ALSA: control: Handle numid overflow (Lars-Peter Clausen) [Orabug: 20192379] {CVE-2014-4656}
- net: sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [Orabug: 20192060] {CVE-2014-3688}

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2014-December/004718.html

https://oss.oracle.com/pipermail/el-errata/2014-December/004720.html

Plugin Details

Severity: Medium

ID: 80006

File Name: oraclelinux_ELSA-2014-3105.nasl

Version: 1.9

Type: local

Agent: unix

Published: 2014/12/15

Updated: 2019/04/01

Dependencies: 12634, 122878

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, p-cpe:/a:oracle:linux:kernel-uek-headers, p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.12.el5uek, p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.12.el5uekdebug, p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.12.el6uek, p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.12.el6uekdebug, p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.12.el5uek, p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.12.el5uekdebug, p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.12.el6uek, p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.12.el6uekdebug, cpe:/o:oracle:linux:5, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/12/11

Vulnerability Publication Date: 2014/07/03

Reference Information

CVE: CVE-2014-3184, CVE-2014-3688, CVE-2014-4652, CVE-2014-4656, CVE-2014-6410

BID: 68163, 68170, 69768, 69799, 70768