English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.123190
Category:Oracle Linux Local Security Checks
Title:Oracle: Security Advisory (ELSA-2015-3004)
Summary:The remote host is missing an update for the 'kernel-uek' package(s) announced via the ELSA-2015-3004 advisory.
Description:Summary:
The remote host is missing an update for the 'kernel-uek' package(s) announced via the ELSA-2015-3004 advisory.

Vulnerability Insight:
[2.6.39-400.246.2]
- net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [Orabug: 20425333] {CVE-2014-7841}

[2.6.39-400.246.1]
- sched: Fix possible divide by zero in avg_atom() calculation (Mateusz Guzik) [Orabug: 20148169]
- include/linux/math64.h: add div64_ul() (Alex Shi)
- deadlock when two nodes are converting same lock from PR to EX and idletimeout closes conn (Tariq Saeed) [Orabug: 18639535]
- bonding: Bond master should reflect slave's features. (Ashish Samant) [Orabug: 20231825]
- x86, fpu: remove the logic of non-eager fpu mem allocation at the first usage (Annie Li) [Orabug: 20239143]
- x86, fpu: remove cpu_has_xmm check in the fx_finit() (Suresh Siddha) [Orabug: 20239143]
- x86, fpu: make eagerfpu= boot param tri-state (Suresh Siddha) [Orabug: 20239143]
- x86, fpu: enable eagerfpu by default for xsaveopt (Suresh Siddha) [Orabug: 20239143]
- x86, fpu: decouple non-lazy/eager fpu restore from xsave (Suresh Siddha) [Orabug: 20239143]
- x86, fpu: use non-lazy fpu restore for processors supporting xsave (Suresh Siddha) [Orabug: 20239143]
- lguest, x86: handle guest TS bit for lazy/non-lazy fpu host models (Suresh Siddha) [Orabug: 20239143]
- x86, fpu: always use kernel_fpu_begin/end() for in-kernel FPU usage (Suresh Siddha) [Orabug: 20239143]
- x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() (Suresh Siddha) [Orabug: 20239143]
- x86, fpu: remove unnecessary user_fpu_end() in save_xstate_sig() (Suresh Siddha) [Orabug: 20239143]
- raid5: add AVX optimized RAID5 checksumming (Jim Kukunas) [Orabug: 20239143]
- x86, fpu: drop the fpu state during thread exit (Suresh Siddha) [Orabug: 20239143]
- x32: Add a thread flag for x32 processes (H. Peter Anvin) [Orabug: 20239143]
- x86, fpu: Unify signal handling code paths for x86 and x86_64 kernels (Suresh Siddha) [Orabug: 20239143]
- x86, fpu: Consolidate inline asm routines for saving/restoring fpu state (Suresh Siddha) [Orabug: 20239143]
- x86, signal: Cleanup ifdefs and is_ia32, is_x32 (Suresh Siddha) [Orabug: 20239143]
into exported and internal interfaces (Linus Torvalds) [Orabug: 20239143]
- i387: Uninline the generic FP helpers that we expose to kernel modules (Linus Torvalds) [Orabug: 20239143]
- i387: use 'restore_fpu_checking()' directly in task switching code (Linus Torvalds) [Orabug: 20239143]
- i387: fix up some fpu_counter confusion (Linus Torvalds) [Orabug: 20239143]

Affected Software/OS:
'kernel-uek' package(s) on Oracle Linux 5, Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-7841
62305
http://secunia.com/advisories/62305
62597
http://secunia.com/advisories/62597
62735
http://secunia.com/advisories/62735
71081
http://www.securityfocus.com/bid/71081
DSA-3093
http://www.debian.org/security/2014/dsa-3093
RHSA-2015:0087
http://rhn.redhat.com/errata/RHSA-2015-0087.html
RHSA-2015:0102
http://rhn.redhat.com/errata/RHSA-2015-0102.html
RHSA-2015:0284
http://rhn.redhat.com/errata/RHSA-2015-0284.html
RHSA-2015:0285
http://rhn.redhat.com/errata/RHSA-2015-0285.html
RHSA-2015:0695
http://rhn.redhat.com/errata/RHSA-2015-0695.html
SUSE-SU-2015:0481
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
SUSE-SU-2015:0529
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html
SUSE-SU-2015:0652
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
[oss-security] 20141113 CVE-2014-7841 Linux kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet
http://www.openwall.com/lists/oss-security/2014/11/13/6
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40607cbe270a9e8360907cb1e62ddf0736e4864
http://linux.oracle.com/errata/ELSA-2015-3004.html
http://linux.oracle.com/errata/ELSA-2015-3005.html
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4
https://bugzilla.redhat.com/show_bug.cgi?id=1163087
https://github.com/torvalds/linux/commit/e40607cbe270a9e8360907cb1e62ddf0736e4864
https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html
openSUSE-SU-2015:0566
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
CopyrightCopyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.