Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3035)

High Nessus Plugin ID 83448

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

kernel-uek [3.8.13-68.2.2.el7uek]

* crypto: aesni

* fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077385] {CVE-2015-3331}

[3.8.13-68.2.1.el7uek]

* xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad Rzeszutek Wilk) [Orabug: 20807438] {CVE-2015-2150}

* xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) [Orabug: 20860817]

* Doc/cpu-hotplug: Specify race-free way to register CPU hotplug callbacks (Srivatsa S. Bhat) [Orabug: 20917697]

* net/iucv/iucv.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* net/core/flow.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* mm, vmstat: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* profile: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* trace, ring-buffer: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* hwmon, via-cputemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* hwmon, coretemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* octeon, watchdog: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* oprofile, nmi-timer: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* intel-idle: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* drivers/base/topology.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* acpi-cpufreq: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* scsi, fcoe: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* scsi, bnx2fc: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* scsi, bnx2i: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* arm64, debug-monitors: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* arm64, hw_breakpoint.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* x86, kvm: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* x86, oprofile, nmi: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* x86, pci, amd-bus: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* x86, hpet: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* x86, intel, cacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* x86, amd, ibs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* x86, therm_throt.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* x86, mce: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* x86, intel, uncore: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* x86, vsyscall: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* x86, cpuid: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* x86, msr: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* powerpc, sysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* sparc, sysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* s390, smp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* s390, cacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* arm, hw-breakpoint: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* ia64, err-inject: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* ia64, topology: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* ia64, palinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* CPU hotplug, perf: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]

* CPU hotplug: Provide lockless versions of callback registration functions (Srivatsa S. Bhat) [Orabug: 20917697]

* isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930551] {CVE-2014-9584}

* KEYS: close race between key lookup and freeing (Sasha Levin) [Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529}

* mm: memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}

* mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}

* fs: buffer: move allocation failure loop into the allocator (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}

* mm: memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}

* mm: memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}

* mm: memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}

* mm: memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}

* x86: finish user fault error path with fatal signal (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}

* arch: mm: pass userspace fault flag to generic fault handler (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}

* selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215}

* IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} {CVE-2014-8159}

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2015-May/005069.html

https://oss.oracle.com/pipermail/el-errata/2015-May/005070.html

Plugin Details

Severity: High

ID: 83448

File Name: oraclelinux_ELSA-2015-3035.nasl

Version: 2.10

Type: local

Agent: unix

Published: 2015/05/14

Updated: 2019/03/19

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.2.2.el6uek, p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.2.2.el7uek, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:6, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/05/13

Vulnerability Publication Date: 2014/05/08

Reference Information

CVE: CVE-2014-3215, CVE-2014-8159, CVE-2014-8171, CVE-2014-9529, CVE-2014-9584, CVE-2015-2150, CVE-2015-3331

BID: 67341, 71880, 71883, 73014, 73060, 74235, 74293