Oracle Linux 6 / 7 : kernel-uek (ELSA-2016-3587)

Medium Nessus Plugin ID 92656


The remote Oracle Linux host is missing one or more security updates.


Description of changes:

- vfs: rename: check backing inode being equal (Miklos Szeredi) [Orabug: 24010060] {CVE-2016-6198} {CVE-2016-6197}
- vfs: add vfs_select_inode() helper (Miklos Szeredi) [Orabug: 24010060] {CVE-2016-6198} {CVE-2016-6197}
- ovl: verify upper dentry before unlink and rename (Miklos Szeredi) [Orabug: 24010060] {CVE-2016-6198} {CVE-2016-6197}
- ovl: fix getcwd() failure after unsuccessful rmdir (Rui Wang) [Orabug: 24010060] {CVE-2016-6198} {CVE-2016-6197}
- xen: use same main loop for counting and remapping pages (Juergen Gross) [Orabug: 24012238]
- Revert 'ocfs2: bump up o2cb network protocol version' (Junxiao Bi) [Orabug: 23710417]
- atl2: Disable unimplemented scatter/gather feature (Ben Hutchings) [Orabug: 23704078] {CVE-2016-2117}
- Revert 'perf tools: Bump default sample freq to 4 kHz' (ashok.vairavan) [Orabug: 23634802]
- block: Initialize max_dev_sectors to 0 (Keith Busch) [Orabug: 23333444]
- sd: Fix rw_max for devices that report an optimal xfer size (Martin K. Petersen) [Orabug: 23333444]
- sd: Fix excessive capacity printing on devices with blocks bigger than 512 bytes (Martin K. Petersen) [Orabug: 23333444]
- sd: Optimal I/O size is in bytes, not sectors (Martin K. Petersen) [Orabug: 23333444]
- sd: Reject optimal transfer length smaller than page size (Martin K. Petersen) [Orabug: 23333444]
- Fix kabi issue for upstream commit ca369d51 (Joe Jin) [Orabug: 23333444]
- block/sd: Fix device-imposed transfer length limits (Joe Jin) [Orabug: 23333444]


Update the affected kernel-uek packages.

See Also

Plugin Details

Severity: Medium

ID: 92656

File Name: oraclelinux_ELSA-2016-3587.nasl

Version: 2.7

Type: local

Agent: unix

Published: 2016/08/01

Updated: 2019/09/27

Dependencies: 12634, 122878

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-37.6.1.el6uek, p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-37.6.1.el7uek, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:6, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2016/07/29

Vulnerability Publication Date: 2016/05/02

Reference Information

CVE: CVE-2016-2117, CVE-2016-6197, CVE-2016-6198