
Test ID: 1.3.6.1.4.1.25623.1.0.122239
Category: Oracle Linux Local Security Checks
Title: Oracle: Security Advisory (ELSA-2011-0283)
Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2011-0283 advisory.
Description:

Vulnerability Insight:
[2.6.32-71.18.1.el6]
- [netdrv] ixgbe: make sure FCoE DDP user buffers are really released by the HW (Frantisek Hrbata) [674002 617193]
- [netdrv] ixgbe: invalidate FCoE DDP context when no error status is available (Frantisek Hrbata) [674002 617193]
- [netdrv] ixgbe: avoid doing FCoE DDP when adapter is DOWN or RESETTING (Frantisek Hrbata) [674002 617193]
- [fcoe] libfc: remove tgt_flags from fc_fcp_pkt struct (Mike Christie) [666797 633915]
- [fcoe] libfc: use rport timeout values for fcp recovery (Frantisek Hrbata) [666797 633915]
- [fcoe] libfc: incorrect scsi host byte codes returned to scsi-ml (Mike Christie) [666797 633915]
- [scsi] scsi_dh_alua: fix overflow in alua_rtpg port group id check (Mike Snitzer) [673978 670572]

[2.6.32-71.17.1.el6]
- [s390x] kdump: allow zfcpdump to mount and write to ext4 file systems (Amerigo Wang) [661667 628676]
- [scsi] qla2xxx: Properly set the return value in function qla2xxx_eh_abort (Chad Dupuis) [664398 635710]
- [scsi] qla2xxx: Drop srb reference before waiting for completion (Chad Dupuis) [664398 635710]
- [virt] KVM: VMX: Really clear cr0.ts when giving the guest ownership of the fpu (Avi Kivity) [658891 645898]
- [virt] KVM: SVM: Initialize fpu_active in init_vmcb() (Avi Kivity) [658891 645898]
- [virt] KVM: x86: Use unlazy_fpu() for host FPU (Avi Kivity) [658891 645898]
- [virt] KVM: Set cr0.et when the guest writes cr0 (Avi Kivity) [658891 645898]
- [virt] KVM: VMX: Give the guest ownership of cr0.ts when the fpu is active (Avi Kivity) [658891 645898]
- [virt] KVM: Lazify fpu activation and deactivation (Avi Kivity) [658891 645898]
- [virt] KVM: VMX: Allow the guest to own some cr0 bits (Avi Kivity) [658891 645898]
- [virt] KVM: Replace read accesses of vcpu->arch.cr0 by an accessor (Avi Kivity) [658891 645898]
- [virt] KVM: VMX: trace clts and lmsw instructions as cr accesses (Avi Kivity) [658891 645898]

[2.6.32-71.16.1.el6]
- [net] ipsec: fragment locally generated tunnel-mode IPSec6 packets as needed (Herbert Xu) [670421 661113]
- [net] tcp: Increase TCP_MAXSEG socket option minimum to TCP_MIN_MSS (Frantisek Hrbata) [652510 652511] {CVE-2010-4165}
- [perf] perf_events: Fix perf_counter_mmap() hook in mprotect() (Oleg Nesterov) [651672 651673] {CVE-2010-4169}
- [md] dm mpath: revert 'dm: Call blk_abort_queue on failed paths' (Mike Snitzer) [658854 636771]
- [x86] UV: Address interrupt/IO port operation conflict (George Beshers) [662921 659480]
- [mm] guard page for stacks that grow upwards (Johannes Weiner) [666796 630562]
- [scsi] enable state transitions from OFFLINE to RUNNING (Mike Christie) [660590 643237]
- [scsi] set queue limits no_cluster for stacked devices (Mike Snitzer) [662050 658293]
- [mm] Out-of-memory under memory cgroup can call both of oom-killer-for-memcg and oom-killer-for-page-fault (Larry Woodman) [661732 592879]
- [scsi] libfc: possible race could panic system due to NULL fsp->cmd (Mike ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kernel' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-4165
42778
http://secunia.com/advisories/42778
42801
http://secunia.com/advisories/42801
42932
http://secunia.com/advisories/42932
44830
http://www.securityfocus.com/bid/44830
69241
http://www.osvdb.org/69241
8111
http://securityreason.com/securityalert/8111
8123
http://securityreason.com/securityalert/8123
ADV-2011-0012
http://www.vupen.com/english/advisories/2011/0012
ADV-2011-0124
http://www.vupen.com/english/advisories/2011/0124
ADV-2011-0298
http://www.vupen.com/english/advisories/2011/0298
MDVSA-2011:029
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
MDVSA-2011:051
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
SUSE-SA:2011:001
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html
SUSE-SA:2011:002
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html
SUSE-SA:2011:004
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html
SUSE-SA:2011:007
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
[netdev] 20101110 Re: possible kernel oops from user MSS
http://www.spinics.net/lists/netdev/msg146495.html
[netdev] 20101110 possible kernel oops from user MSS
http://www.spinics.net/lists/netdev/msg146405.html
[oss-security] 20101112 CVE request: kernel: possible kernel oops from user MSS
http://www.openwall.com/lists/oss-security/2010/11/12/1
[oss-security] 20101112 Re: CVE request: kernel: possible kernel oops from user MSS
http://www.openwall.com/lists/oss-security/2010/11/12/4
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7a1abd08d52fdeddb3e9a5a33f2f15cc6a5674d2
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2
https://bugzilla.redhat.com/show_bug.cgi?id=652508
Common Vulnerability Exposure (CVE) ID: CVE-2010-4169
42745
http://secunia.com/advisories/42745
44861
http://www.securityfocus.com/bid/44861
ADV-2010-3321
http://www.vupen.com/english/advisories/2010/3321
FEDORA-2010-18983
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html
RHSA-2010:0958
http://www.redhat.com/support/errata/RHSA-2010-0958.html
[oss-security] 20101115 CVE request: kernel: perf bug
http://marc.info/?l=oss-security&m=128979684911295&w=2
[oss-security] 20101115 Re: CVE request: kernel: perf bug
http://marc.info/?l=oss-security&m=128984344103497&w=2
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=63bfd7384b119409685a17d5c58f0b56e5dc03da
https://bugzilla.redhat.com/show_bug.cgi?id=651671
kernel-perfeventmmap-dos(63316)
https://exchange.xforce.ibmcloud.com/vulnerabilities/63316
Common Vulnerability Exposure (CVE) ID: CVE-2010-4243
15619
http://www.exploit-db.com/exploits/15619
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
http://www.securityfocus.com/archive/1/520102/100/0/threaded
42884
http://secunia.com/advisories/42884
45004
http://www.securityfocus.com/bid/45004
46397
http://secunia.com/advisories/46397
RHSA-2011:0017
http://www.redhat.com/support/errata/RHSA-2011-0017.html
[linux-kernel] 20100827 [PATCH] exec argument expansion can inappropriately trigger OOM-killer
http://lkml.org/lkml/2010/8/27/429
[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer
http://lkml.org/lkml/2010/8/29/206
http://lkml.org/lkml/2010/8/30/138
http://lkml.org/lkml/2010/8/30/378
[linux-kernel] 20101130 [PATCH 1/2] exec: make argv/envp memory visible to oom-killer
http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html
[oss-security] 20101122 CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads
http://openwall.com/lists/oss-security/2010/11/22/6
[oss-security] 20101122 Re: CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads
http://openwall.com/lists/oss-security/2010/11/22/15
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c
http://grsecurity.net/~spender/64bit_dos.c
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=625688
linux-kernel-execve-dos(64700)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64700
Copyright: Copyright (C) 2015 Greenbone AG
