Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2011-2024)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.122106

Category: Oracle Linux Local Security Checks

Title: Oracle: Security Advisory (ELSA-2011-2024)

Summary: The remote host is missing an update for the 'kernel-uek, ofa-2.6.32-200.16.1.el6uek' package(s) announced via the ELSA-2011-2024 advisory.

Description: Summary:
The remote host is missing an update for the 'kernel-uek, ofa-2.6.32-200.16.1.el6uek' package(s) announced via the ELSA-2011-2024 advisory.

Vulnerability Insight:
[2.6.32-200.16.1.el6uek]
- Revert change to restore DEFAULTKERNEL

[2.6.32-200.15.1.el6uek]
- Add -u parameter to kernel_variant_post to make it work
properly for uek [orabug 12819958]

[2.6.32-200.14.1.el6uek]
- Restore DEFAULTKERNEL value to kernel-uek [orabug 12819958]

[2.6.32-200.13.1.el6uek]
- make default kernel kernel-uek (Kevin Lyons) [orabug 12803424]

[2.6.32-200.12.1.el6uek]
- SCSI: Fix oops dereferencing queue (Martin K. Petersen) [orabug 12741636]

[2.6.32-200.11.1.el6uek]
- inet_diag: fix inet_diag_bc_audit() (Eric Dumazet) [CVE-2011-2213]

[2.6.32-200.10.8.el6uek]
- block: export blk_{get,put}_queue() (Jens Axboe)
- [SCSI] Fix oops caused by queue refcounting failure (James Bottomley)
- [dm-mpath] maintain reference count for underlying devices (Martin K. Petersen)

[2.6.32-200.10.7.el6uek]
- [net] gre: fix netns vs proto registration ordering {CVE-2011-1767}
- [net] tunnels: fix netns vs proto registration ordering {CVE-2011-1768}
- [rps] don't free rx_queue until netdevice is freed (Dave Kleikamp) [orabug 11071685]

[2.6.32-200.10.6.el6uek]
- Add entropy generation to nics (John Sobecki) [10622900]
- [SCSI] compat_ioct: fix bsg SG_IO [orabug 12732464]
- ipc/sem.c: error path in try_atomic_semop() left spinlock locked

[2.6.32-200.10.5.el6uek]
- update kabi

[2.6.32-200.10.4.el6uek]
- block: Fix double free in blk_integrity_unregister [orabug 12707880]
- block: Make the integrity mapped property a bio flag [orabug 12707880]
- dm mpath: do not fail paths after integrity errors [orabug 12707880]
- dm ioctl: refactor dm_table_complete [orabug 12707880]
- block: Require subsystems to explicitly allocate bio_set integrity mempool [orabug 12707880]
- dm: improve block integrity support [orabug 12707880]
- sd: Update protection mode strings [orabug 12707880]
- [SCSI] fix propagation of integrity errors [orabug 12707880]
- [SCSI] modify change_queue_depth to take in reason why it is being called [orabug 12707880]
- [SCSI] scsi error: have scsi-ml call change_queue_depth to handle QUEUE_FULL [orabug 12707880]
- [SCSI] add queue_depth ramp up code [orabug 12707880]
- [SCSI] scsi_dh: Change the scsidh_activate interface to be asynchronous [orabug 12707880]
- SCSI: Updated RDAC device handler [orabug 12707880]
- [SCSI] scsi_dh: propagate SCSI device deletion [orabug 12707880]
- [SCSI] scsi_dh: fix reference counting in scsi_dh_activate error path [orabug 12707880]
- qla2xxx: Driver update from QLogic [orabug 12707880]
- lpfc 8.3.5.44 driver update from Emulex [orabug 12707880]
- Add Hydra (hxge) support [orabug 12314121]
- update hxge to 1.3.1 [orabug 12314121]
- Hide mwait, TSC invariance and MTRR capability in published CPUID

[2.6.32-200.10.3.el6uek]
- [config] Revert Add some usb devices supported
- [config] make all usb drivers part of the kernel.
- [fs] NFS: Don't SIGBUS if nfs_vm_page_mkwrite races with a cache
invalidation [orabug ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kernel-uek, ofa-2.6.32-200.16.1.el6uek' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
5.4

CVSS Vector:
AV:N/AC:H/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1767
[oss-security] 20110505 Re: CVE requests - kernel network vulns
http://www.openwall.com/lists/oss-security/2011/05/05/6
http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c2892f02712e9516d72841d5c019ed6916329794
https://bugzilla.redhat.com/show_bug.cgi?id=702303
https://github.com/torvalds/linux/commit/c2892f02712e9516d72841d5c019ed6916329794
Common Vulnerability Exposure (CVE) ID: CVE-2011-1768
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d5aa407f59f5b83d2c50ec88f5bf56d40f1f8978
https://github.com/torvalds/linux/commit/d5aa407f59f5b83d2c50ec88f5bf56d40f1f8978
Common Vulnerability Exposure (CVE) ID: CVE-2011-2213
HPSBGN02970
http://marc.info/?l=bugtraq&m=139447903326211&w=2
RHSA-2011:0927
http://rhn.redhat.com/errata/RHSA-2011-0927.html
[netdev] 20110601 Re: inet_diag insufficient validation?
http://article.gmane.org/gmane.linux.network/197208
[netdev] 20110601 inet_diag insufficient validation?
http://article.gmane.org/gmane.linux.network/197206
[netdev] 20110603 Re: inet_diag insufficient validation?
http://article.gmane.org/gmane.linux.network/197386
[netdev] 20110617 [PATCH] inet_diag: fix inet_diag_bc_audit()
http://article.gmane.org/gmane.linux.network/198809
[oss-security] 20110620 CVE request: kernel: inet_diag: fix inet_diag_bc_audit()
http://www.openwall.com/lists/oss-security/2011/06/20/1
[oss-security] 20110620 Re: CVE request: kernel: inet_diag: fix inet_diag_bc_audit()
http://www.openwall.com/lists/oss-security/2011/06/20/13
http://www.openwall.com/lists/oss-security/2011/06/20/16
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eeb1497277d6b1a0a34ed36b97e18f2bd7d6de0d
http://patchwork.ozlabs.org/patch/100857/
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3
https://bugzilla.redhat.com/show_bug.cgi?id=714536

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.122106
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2011-2024)
Summary:	The remote host is missing an update for the 'kernel-uek, ofa-2.6.32-200.16.1.el6uek' package(s) announced via the ELSA-2011-2024 advisory.
Description:	Summary: The remote host is missing an update for the 'kernel-uek, ofa-2.6.32-200.16.1.el6uek' package(s) announced via the ELSA-2011-2024 advisory. Vulnerability Insight: [2.6.32-200.16.1.el6uek] - Revert change to restore DEFAULTKERNEL [2.6.32-200.15.1.el6uek] - Add -u parameter to kernel_variant_post to make it work properly for uek [orabug 12819958] [2.6.32-200.14.1.el6uek] - Restore DEFAULTKERNEL value to kernel-uek [orabug 12819958] [2.6.32-200.13.1.el6uek] - make default kernel kernel-uek (Kevin Lyons) [orabug 12803424] [2.6.32-200.12.1.el6uek] - SCSI: Fix oops dereferencing queue (Martin K. Petersen) [orabug 12741636] [2.6.32-200.11.1.el6uek] - inet_diag: fix inet_diag_bc_audit() (Eric Dumazet) [CVE-2011-2213] [2.6.32-200.10.8.el6uek] - block: export blk_{get,put}_queue() (Jens Axboe) - [SCSI] Fix oops caused by queue refcounting failure (James Bottomley) - [dm-mpath] maintain reference count for underlying devices (Martin K. Petersen) [2.6.32-200.10.7.el6uek] - [net] gre: fix netns vs proto registration ordering {CVE-2011-1767} - [net] tunnels: fix netns vs proto registration ordering {CVE-2011-1768} - [rps] don't free rx_queue until netdevice is freed (Dave Kleikamp) [orabug 11071685] [2.6.32-200.10.6.el6uek] - Add entropy generation to nics (John Sobecki) [10622900] - [SCSI] compat_ioct: fix bsg SG_IO [orabug 12732464] - ipc/sem.c: error path in try_atomic_semop() left spinlock locked [2.6.32-200.10.5.el6uek] - update kabi [2.6.32-200.10.4.el6uek] - block: Fix double free in blk_integrity_unregister [orabug 12707880] - block: Make the integrity mapped property a bio flag [orabug 12707880] - dm mpath: do not fail paths after integrity errors [orabug 12707880] - dm ioctl: refactor dm_table_complete [orabug 12707880] - block: Require subsystems to explicitly allocate bio_set integrity mempool [orabug 12707880] - dm: improve block integrity support [orabug 12707880] - sd: Update protection mode strings [orabug 12707880] - [SCSI] fix propagation of integrity errors [orabug 12707880] - [SCSI] modify change_queue_depth to take in reason why it is being called [orabug 12707880] - [SCSI] scsi error: have scsi-ml call change_queue_depth to handle QUEUE_FULL [orabug 12707880] - [SCSI] add queue_depth ramp up code [orabug 12707880] - [SCSI] scsi_dh: Change the scsidh_activate interface to be asynchronous [orabug 12707880] - SCSI: Updated RDAC device handler [orabug 12707880] - [SCSI] scsi_dh: propagate SCSI device deletion [orabug 12707880] - [SCSI] scsi_dh: fix reference counting in scsi_dh_activate error path [orabug 12707880] - qla2xxx: Driver update from QLogic [orabug 12707880] - lpfc 8.3.5.44 driver update from Emulex [orabug 12707880] - Add Hydra (hxge) support [orabug 12314121] - update hxge to 1.3.1 [orabug 12314121] - Hide mwait, TSC invariance and MTRR capability in published CPUID [2.6.32-200.10.3.el6uek] - [config] Revert Add some usb devices supported - [config] make all usb drivers part of the kernel. - [fs] NFS: Don't SIGBUS if nfs_vm_page_mkwrite races with a cache invalidation [orabug ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel-uek, ofa-2.6.32-200.16.1.el6uek' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 5.4 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1767 [oss-security] 20110505 Re: CVE requests - kernel network vulns http://www.openwall.com/lists/oss-security/2011/05/05/6 http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c2892f02712e9516d72841d5c019ed6916329794 https://bugzilla.redhat.com/show_bug.cgi?id=702303 https://github.com/torvalds/linux/commit/c2892f02712e9516d72841d5c019ed6916329794 Common Vulnerability Exposure (CVE) ID: CVE-2011-1768 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d5aa407f59f5b83d2c50ec88f5bf56d40f1f8978 https://github.com/torvalds/linux/commit/d5aa407f59f5b83d2c50ec88f5bf56d40f1f8978 Common Vulnerability Exposure (CVE) ID: CVE-2011-2213 HPSBGN02970 http://marc.info/?l=bugtraq&m=139447903326211&w=2 RHSA-2011:0927 http://rhn.redhat.com/errata/RHSA-2011-0927.html [netdev] 20110601 Re: inet_diag insufficient validation? http://article.gmane.org/gmane.linux.network/197208 [netdev] 20110601 inet_diag insufficient validation? http://article.gmane.org/gmane.linux.network/197206 [netdev] 20110603 Re: inet_diag insufficient validation? http://article.gmane.org/gmane.linux.network/197386 [netdev] 20110617 [PATCH] inet_diag: fix inet_diag_bc_audit() http://article.gmane.org/gmane.linux.network/198809 [oss-security] 20110620 CVE request: kernel: inet_diag: fix inet_diag_bc_audit() http://www.openwall.com/lists/oss-security/2011/06/20/1 [oss-security] 20110620 Re: CVE request: kernel: inet_diag: fix inet_diag_bc_audit() http://www.openwall.com/lists/oss-security/2011/06/20/13 http://www.openwall.com/lists/oss-security/2011/06/20/16 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eeb1497277d6b1a0a34ed36b97e18f2bd7d6de0d http://patchwork.ozlabs.org/patch/100857/ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3 https://bugzilla.redhat.com/show_bug.cgi?id=714536
Copyright	Copyright (C) 2015 Greenbone AG