 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.123347 |
| Category: | Oracle Linux Local Security Checks |
| Title: | Oracle: Security Advisory (ELSA-2014-0981) |
| Summary: | The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2014-0981 advisory. |
| Description: | Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2014-0981 advisory. Vulnerability Insight: [2.6.32-431.23.3] - [netdrv] pppol2tp: fail when socket option level is not SOL_PPPOL2TP [1119461 1119462] {CVE-2014-4943} [2.6.32-431.23.2] - [kernel] utrace: force IRET path after utrace_finish_vfork() (Oleg Nesterov) [1115932 1115933] {CVE-2014-4699} [2.6.32-431.23.1] - [net] ip_tunnel: fix ip_tunnel_find to return NULL in case the tunnel is not there (Jiri Pirko) [1107931 1104503] - [netdrv] bnx2x: Fix kernel crash and data miscompare after EEH recovery (Michal Schmidt) [1109269 1029600] - [netdrv] bnx2x: Adapter not recovery from EEH error injection (Michal Schmidt) [1109269 1029600] - [scsi] qla2xxx: Don't check for firmware hung during the reset context for ISP82XX (Chad Dupuis) [1110658 1054299] - [scsi] qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (Chad Dupuis) [1110658 1054299] - [scsi] qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (Chad Dupuis) [1110658 1054299] - [scsi] qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (Chad Dupuis) [1110658 1054299] - [scsi] qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (Chad Dupuis) [1110658 1054299] - [scsi] qla2xxx: Set host can_queue value based on available resources (Chad Dupuis) [1110658 1054299] - [net] filter: prevent nla extensions to peek beyond the end of the message (Jiri Benc) [1096778 1096779] {CVE-2014-3144 CVE-2014-3145} - [net] bridge: add empty br_mdb_init() and br_mdb_uninit() definitions (Vlad Yasevich) [1106472 1097915] - [net] bridge: Correctly unregister MDB rtnetlink handlers (Vlad Yasevich) [1106472 1097915] - [net] rds: prevent dereference of a NULL device in rds_iw_laddr_check (Radomir Vrbovsky) [1083276 1083277] {CVE-2014-2678} - [s390] crypto: fix aes, des ctr mode concurrency finding (Hendrik Brueckner) [1110168 1096328] - [s390] crypto: fix des and des3_ede ctr concurrency issue (Hendrik Brueckner) [1109885 1065404] - [s390] crypto: fix des and des3_ede cbc concurrency issue (Hendrik Brueckner) [1109883 1065398] - [kernel] futex: Forbid uaddr == uaddr2 in futex_wait_requeue_pi() (Mateusz Guzik) [1097759 1097760] {CVE-2012-6647} - [libata] ahci: accommodate tag ordered controller (David Milburn) [1099725 1083748] - [net] mac80211: crash dues to AP powersave TX vs. wakeup race (Jacob Tanenbaum) [1083531 1083532] {CVE-2014-2706} - [netdrv] ath9k: tid->sched race in ath_tx_aggr_sleep() (Jacob Tanenbaum) [1083249 1083250] {CVE-2014-2672} - [kernel] hrtimer: Prevent all reprogramming if hang detected (Prarit Bhargava) [1096059 1075805] - [net] ipv4: current group_info should be put after using (Jiri Benc) [1087412 1087414] {CVE-2014-2851} - [kernel] tracing: Reset ring buffer when changing trace_clocks (Marcelo Tosatti) [1093984 1018138] - [net] rds: dereference of a NULL device (Jacob Tanenbaum) [1079218 1079219] {CVE-2013-7339} - [s390] ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-6647 [oss-security] 20140514 Re: CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference http://www.openwall.com/lists/oss-security/2014/05/14/9 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6f7b0a2a5c0fb03be7c25bd1745baa50582348ef http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.1 https://bugzilla.redhat.com/show_bug.cgi?id=1097746 https://github.com/torvalds/linux/commit/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef Common Vulnerability Exposure (CVE) ID: CVE-2013-7339 BugTraq ID: 66351 http://www.securityfocus.com/bid/66351 http://www.openwall.com/lists/oss-security/2014/03/20/14 http://secunia.com/advisories/59386 Common Vulnerability Exposure (CVE) ID: CVE-2014-2672 BugTraq ID: 66492 http://www.securityfocus.com/bid/66492 http://www.openwall.com/lists/oss-security/2014/03/30/5 http://secunia.com/advisories/57468 Common Vulnerability Exposure (CVE) ID: CVE-2014-2678 BugTraq ID: 66543 http://www.securityfocus.com/bid/66543 http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html https://lkml.org/lkml/2014/3/29/188 http://www.openwall.com/lists/oss-security/2014/03/31/10 http://secunia.com/advisories/60130 http://secunia.com/advisories/60471 Common Vulnerability Exposure (CVE) ID: CVE-2014-2706 BugTraq ID: 66591 http://www.securityfocus.com/bid/66591 http://www.openwall.com/lists/oss-security/2014/04/01/8 http://www.securitytracker.com/id/1038201 http://secunia.com/advisories/60613 SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2014-2851 BugTraq ID: 66779 http://www.securityfocus.com/bid/66779 Debian Security Information: DSA-2926 (Google Search) http://www.debian.org/security/2014/dsa-2926 https://lkml.org/lkml/2014/4/10/736 http://www.openwall.com/lists/oss-security/2014/04/11/4 http://www.securitytracker.com/id/1030769 http://secunia.com/advisories/59599 Common Vulnerability Exposure (CVE) ID: CVE-2014-3144 58990 http://secunia.com/advisories/58990 59311 http://secunia.com/advisories/59311 59597 http://secunia.com/advisories/59597 60613 67309 http://www.securityfocus.com/bid/67309 DSA-2949 http://www.debian.org/security/2014/dsa-2949 USN-2251-1 http://www.ubuntu.com/usn/USN-2251-1 USN-2252-1 http://www.ubuntu.com/usn/USN-2252-1 USN-2259-1 http://www.ubuntu.com/usn/USN-2259-1 USN-2261-1 http://www.ubuntu.com/usn/USN-2261-1 USN-2262-1 http://www.ubuntu.com/usn/USN-2262-1 USN-2263-1 http://www.ubuntu.com/usn/USN-2263-1 USN-2264-1 http://www.ubuntu.com/usn/USN-2264-1 [oss-security] 20140509 Re: CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message http://www.openwall.com/lists/oss-security/2014/05/09/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3 http://linux.oracle.com/errata/ELSA-2014-3052.html https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3 Common Vulnerability Exposure (CVE) ID: CVE-2014-3145 1038201 67321 http://www.securityfocus.com/bid/67321 https://source.android.com/security/bulletin/2017-04-01 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |