Test ID: 1.3.6.1.4.1.25623.1.0.123328
Category: Oracle Linux Local Security Checks
Title: Oracle: Security Advisory (ELSA-2014-3070)
Summary: The remote host is missing an update for the 'dtrace-modules-3.8.13-44.el6uek, dtrace-modules-3.8.13-44.el7uek, kernel-uek' package(s) announced via the ELSA-2014-3070 advisory.
Description:

Vulnerability Insight:
kernel-uek
[3.8.13-44]
- net: Use netlink_ns_capable to verify the permissions of netlink messages (Eric W. Biederman) [Orabug: 19404229] {CVE-2014-0181}
- net: Add variants of capable for use on netlink messages (Eric W. Biederman) [Orabug: 19404229]
- net: Add variants of capable for use on on sockets (Eric W. Biederman) [Orabug: 19404229]
- netlink: Rename netlink_capable netlink_allowed (Eric W. Biederman) [Orabug: 19404229]
- sctp: Fix sk_ack_backlog wrap-around problem (Xufeng Zhang) [Orabug: 19404238] {CVE-2014-4667}
- Revert 'xen/fb: allow xenfb initialization for hvm guests' (Vaughan Cao) [Orabug: 19320529]

[3.8.13-43]
- init: fix in-place parameter modification regression (Krzysztof Mazur) [Orabug: 18954967]
- drivers: scsi: storvsc: Correctly handle TEST_UNIT_READY failure (K. Y. Srinivasan) [Orabug: 19280065]
- drivers: scsi: storvsc: Set srb_flags in all cases (K. Y. Srinivasan) [Orabug: 19280065]
- Drivers: scsi: storvsc: Implement a timedout handler (K. Y. Srinivasan) [Orabug: 19280065]
- Drivers: scsi: storvsc: Fix a bug in handling VMBUS protocol version (K. Y. Srinivasan) [Orabug: 19280065]
- Drivers: scsi: storvsc: Filter commands based on the storage protocol version (K. Y. Srinivasan) [Orabug: 19280065]
- Drivers: scsi: storvsc: Set cmd_per_lun to reflect value supported by the Host (K. Y. Srinivasan) [Orabug: 19280065]
- Drivers: scsi: storvsc: Change the limits to reflect the values on the host (K. Y. Srinivasan) [Orabug: 19280065]

[3.8.13-42]
- filter: prevent nla extensions to peek beyond the end of the message (Mathias Krause) [Orabug: 19315780] {CVE-2014-3144} {CVE-2014-3145}

[3.8.13-41]
- rds: Lost locking in loop connection freeing (Pavel Emelyanov) [Orabug: 19124446]
- ocfs2/o2net: incorrect to terminate accepting connections loop upon rejecting an invalid one (Tariq Saeed) [Orabug: 19296823]
- xen/pciback: Don't deadlock when unbinding. (Konrad Rzeszutek Wilk) [Orabug: 19296592]
- PCI: Split out pci_dev lock/unlock and save/restore (Alex Williamson) [Orabug: 19296592]

[3.8.13-40]
- l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19228689] {CVE-2014-4943} {CVE-2014-4943}
- ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19222017] {CVE-2014-4699}
- mpt3sas: Rework the MSI-X code to work on systems with many processors (Martin K. Petersen) [Orabug: 18182490]
- mpt2sas: Rework the MSI-X code to work on systems with many processors (Martin K. Petersen) [Orabug: 18182490]
- mpt3sas: Bump mpt3sas driver version to 04.100.00.00 (Reddy, Sreekanth) [Orabug: 19015667]
- mpt3sas: Added Reply Descriptor Post Queue (RDPQ) Array support (Reddy, Sreekanth) [Orabug: 19015667]
- mpt3sas: Bump mpt3sas driver version to 03.100.00.00 (Reddy, Sreekanth) [Orabug: 19015667]
- mpt3sas: Added OEM branding Strings (Reddy, Sreekanth) [Orabug: 19015667]
- mpt3sas: MPI2.5 Rev H (2.5.3) specifications (Reddy, ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'dtrace-modules-3.8.13-44.el6uek, dtrace-modules-3.8.13-44.el7uek, kernel-uek' package(s) on Oracle Linux 6, Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-2930
RedHat Security Advisories: RHSA-2014:0100
http://rhn.redhat.com/errata/RHSA-2014-0100.html
http://www.ubuntu.com/usn/USN-2068-1
http://www.ubuntu.com/usn/USN-2070-1
http://www.ubuntu.com/usn/USN-2071-1
http://www.ubuntu.com/usn/USN-2072-1
http://www.ubuntu.com/usn/USN-2074-1
http://www.ubuntu.com/usn/USN-2075-1
http://www.ubuntu.com/usn/USN-2076-1
http://www.ubuntu.com/usn/USN-2112-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-4579
USN-2113-1
http://www.ubuntu.com/usn/USN-2113-1
USN-2117-1
http://www.ubuntu.com/usn/USN-2117-1
USN-2133-1
http://www.ubuntu.com/usn/USN-2133-1
USN-2134-1
http://www.ubuntu.com/usn/USN-2134-1
USN-2135-1
http://www.ubuntu.com/usn/USN-2135-1
USN-2136-1
http://www.ubuntu.com/usn/USN-2136-1
USN-2138-1
http://www.ubuntu.com/usn/USN-2138-1
USN-2139-1
http://www.ubuntu.com/usn/USN-2139-1
USN-2141-1
http://www.ubuntu.com/usn/USN-2141-1
[ath9k-devel] 20131110 Security Bug: MAC address not properly configured
https://lists.ath9k.org/pipermail/ath9k-devel/2013-November/012215.html
[oss-security] 20131114 Re: CVE request: ath9k_htc improperly updates MAC address
http://www.openwall.com/lists/oss-security/2013/11/15/3
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729573
http://www.mathyvanhoef.com/2013/11/unmasking-spoofed-mac-address.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-1690
USN-2137-1
http://www.ubuntu.com/usn/USN-2137-1
USN-2140-1
http://www.ubuntu.com/usn/USN-2140-1
USN-2158-1
http://www.ubuntu.com/usn/USN-2158-1
[oss-security] 20140128 Re: CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper
http://www.openwall.com/lists/oss-security/2014/01/28/3
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2690d97ade05c5325cbf7c72b94b90d265659886
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8
https://bugzilla.redhat.com/show_bug.cgi?id=1058748
https://github.com/torvalds/linux/commit/2690d97ade05c5325cbf7c72b94b90d265659886
Copyright: Copyright (C) 2015 Greenbone AG
