| Description: | Summary:
The remote host is missing an update for the 'dtrace-modules-3.8.13-68.el6uek, dtrace-modules-3.8.13-68.el7uek, kernel-uek' package(s) announced via the ELSA-2015-3012 advisory.
Vulnerability Insight:
kernel-uek
[3.8.13-68]
- ttusb-dec: buffer overflow in ioctl (Dan Carpenter) [Orabug: 20673373] {CVE-2014-8884}
- mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support (Kirill A. Shutemov) [Orabug: 20673279] {CVE-2014-8173}
- netfilter: conntrack: disable generic tracking for known protocols (Florian Westphal) [Orabug: 20673235] {CVE-2014-8160}
[3.8.13-67]
- sparc64: Remove deprecated __GFP_NOFAIL from mdesc_kmalloc (Eric Snowberg) [Orabug: 20055909]
- x86/xen: allow privcmd hypercalls to be preempted (David Vrabel) [Orabug: 20618880]
- sched: Expose preempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618880]
- xen-netfront: Fix handling packets on compound pages with skb_linearize (Zoltan Kiss) [Orabug: 19546077]
- qla2xxx: Add adapter checks for FAWWN functionality. (Saurav Kashyap) [Orabug: 20474227]
- config: enable CONFIG_MODULE_SIG_SHA512 (Guangyu Sun) [Orabug: 20611400]
- net: rds: use correct size for max unacked packets and bytes (Sasha Levin) [Orabug: 20585918]
- watchdog: w83697hf_wdt: return ENODEV if no device was found (Stanislav Kholmanskikh) [Orabug: 18122938]
- NVMe: Disable pci before clearing queue (Keith Busch) [Orabug: 20564650]
[3.8.13-66]
- bnx2fc: upgrade to 2.8.2 (Dan Duval) [Orabug: 20523502]
- bnx2i: upgrade to 2.11.0.0 (Dan Duval) [Orabug: 20523502]
- bnx2x: upgrade to 1.712.10 (Dan Duval) [Orabug: 20523502]
- cnic: upgrade to 2.721.01 (Dan Duval) [Orabug: 20523502]
- bnx2: upgrade to 2.712.01 (Dan Duval) [Orabug: 20523502]
- Update lpfc version for 10.6.61 (rkennedy) [Orabug: 20539686]
- Remove consolidated merge lines from previous patch, they require a 3.19 kernel to build with. (rkennedy) [Orabug: 20539686]
- Implement support for wire-only DIF devices (rkennedy) [Orabug: 20539686]
- lpfc: Update copyright to 2015 (rkennedy) [Orabug: 20539686]
- lpfc: Update Copyright on changed files (James Smart) [Orabug: 20539686]
- lpfc: Fix for lun discovery issue with 8Gig adapter. (rkennedy) [Orabug: 20539686]
- lpfc: Fix crash in device reset handler. (rkennedy) [Orabug: 20539686]
- lpfc: application causes OS crash when running diagnostics (rkennedy) [Orabug: 20539686]
- lpfc: Fix internal loopback failure (rkennedy) [Orabug: 20539686]
- lpfc: Fix premature release of rpi bit in bitmask (rkennedy) [Orabug: 20539686]
- lpfc: Initiator sends wrong BBCredit value for either FLOGI or FLOGI_ACC (rkennedy) [Orabug: 20539686]
- lpfc: Fix null ndlp dereference in target_reset_handler (rkennedy) [Orabug: 20539686]
- lpfc: Fix FDMI Fabric support (rkennedy) [Orabug: 20539686]
- lpfc: Fix provide host name and OS name in RSNN-NN FC-GS command (rkennedy) [Orabug: 20539686]
- lpfc: Parse the new 20G, 25G and 40G link speeds in the lpfc driver (rkennedy) [Orabug: 20539686]
- lpfc: lpfc does not support option_rom_version sysfs attribute on newer adapters (rkennedy) [Orabug: 20539686]
- lpfc: Fix setting of EQ delay Multiplier (rkennedy) [Orabug: ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'dtrace-modules-3.8.13-68.el6uek, dtrace-modules-3.8.13-68.el7uek, kernel-uek' package(s) on Oracle Linux 6, Oracle Linux 7.
Solution:
Please install the updated package(s).
CVSS Score:
4.9
CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
|
