Test ID:	1.3.6.1.4.1.25623.1.0.123391
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2014-0771)
Summary:	The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2014-0771 advisory.
Description:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2014-0771 advisory. Vulnerability Insight: [2.6.32-431.20.3] - [kernel] futex: Make lookup_pi_state more robust (Jerome Marchand) [1104516 1104517] {CVE-2014-3153} - [kernel] futex: Always cleanup owner tid in unlock_pi (Jerome Marchand) [1104516 1104517] {CVE-2014-3153} - [kernel] futex: Validate atomic acquisition in futex_lock_pi_atomic() (Jerome Marchand) [1104516 1104517] {CVE-2014-3153} - [kernel] futex: prevent requeue pi on same futex (Jerome Marchand) [1104516 1104517] {CVE-2014-3153} - [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708] - [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708] - [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708] - [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [1069630 999708] - [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708] - Revert: [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708] - Revert: [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [1069630 999708] - Revert: [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708] - Revert: [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708] - Revert: [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708] [2.6.32-431.20.2] - [block] floppy: don't write kernel-only members to FDRAWCMD ioctl output (Denys Vlasenko) [1094308 1094310] {CVE-2014-1738 CVE-2014-1737} - [block] floppy: ignore kernel-only members in FDRAWCMD ioctl input (Denys Vlasenko) [1094308 1094310] {CVE-2014-1738 CVE-2014-1737} - [fs] vfs: fix autofs/afs/etc magic mountpoint breakage (Frantisek Hrbata) [1094370 1079347] {CVE-2014-0203} - [char] n_tty: Fix n_tty_write crash when echoing in raw mode (Aristeu Rozanski) [1094236 1094237] {CVE-2014-0196} [2.6.32-431.20.1] - [net] rtnetlink: Only supply IFLA_VF_PORTS information when RTEXT_FILTER_VF is set (Jiri Pirko) [1092870 1081282] - [net] rtnetlink: Warn when interface's information won't fit in our packet (Jiri Pirko) [1092870 1081282] - [net] bridge: Correctly receive hw-accelerated vlan traffic (Vlad Yasevich) [1096214 1067722] - [net] vlan: Allow accelerated packets to flow through the bridge (Vlad Yasevich) [1096214 1067722] - [infiniband] qib: Add missing serdes init sequence (Doug Ledford) [1080104 1005491] - [infiniband] qib: Fix txselect regression (Doug Ledford) [1080104 1005491] - [netdrv] ixgbevf: fix vlan acceleration (Nikolay Aleksandrov) [1094287 1069028] - [security] selinux: Fix kernel BUG on empty security contexts (Paul Moore) [1062502 1064545] {CVE-2014-1874} - [netdrv] libertas: potential oops in debugfs (Denys Vlasenko) [1034176 1034177] {CVE-2013-6378} - [kernel] cgroup: move put_css_set() after setting CGRP_RELEASABLE bit to fix notify_on_release (Naoya Horiguchi) [1081909 1037465] - ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-6378 59262 http://secunia.com/advisories/59262 59309 http://secunia.com/advisories/59309 59406 http://secunia.com/advisories/59406 63886 http://www.securityfocus.com/bid/63886 RHSA-2014:0100 http://rhn.redhat.com/errata/RHSA-2014-0100.html USN-2064-1 http://www.ubuntu.com/usn/USN-2064-1 USN-2065-1 http://www.ubuntu.com/usn/USN-2065-1 USN-2066-1 http://www.ubuntu.com/usn/USN-2066-1 USN-2067-1 http://www.ubuntu.com/usn/USN-2067-1 USN-2070-1 http://www.ubuntu.com/usn/USN-2070-1 USN-2075-1 http://www.ubuntu.com/usn/USN-2075-1 USN-2111-1 http://www.ubuntu.com/usn/USN-2111-1 USN-2112-1 http://www.ubuntu.com/usn/USN-2112-1 USN-2114-1 http://www.ubuntu.com/usn/USN-2114-1 USN-2115-1 http://www.ubuntu.com/usn/USN-2115-1 USN-2116-1 http://www.ubuntu.com/usn/USN-2116-1 [oss-security] 20131122 Linux kernel CVE fixes http://www.openwall.com/lists/oss-security/2013/11/22/5 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a497e47d4aec37aaf8f13509f3ef3d1f6a717d88 http://linux.oracle.com/errata/ELSA-2014-0771.html http://linux.oracle.com/errata/ELSA-2014-3043.html https://bugzilla.redhat.com/show_bug.cgi?id=1033578 https://github.com/torvalds/linux/commit/a497e47d4aec37aaf8f13509f3ef3d1f6a717d88 openSUSE-SU-2014:0204 http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html openSUSE-SU-2014:0247 http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html Common Vulnerability Exposure (CVE) ID: CVE-2014-0203 59560 http://secunia.com/advisories/59560 68125 http://www.securityfocus.com/bid/68125 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=86acdca1b63e6890540fa19495cfc708beff3d8b http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33 https://bugzilla.redhat.com/show_bug.cgi?id=1094363 https://github.com/torvalds/linux/commit/86acdca1b63e6890540fa19495cfc708beff3d8b Common Vulnerability Exposure (CVE) ID: CVE-2014-1737 BugTraq ID: 67300 http://www.securityfocus.com/bid/67300 Debian Security Information: DSA-2926 (Google Search) http://www.debian.org/security/2014/dsa-2926 Debian Security Information: DSA-2928 (Google Search) http://www.debian.org/security/2014/dsa-2928 http://www.openwall.com/lists/oss-security/2014/05/09/2 RedHat Security Advisories: RHSA-2014:0800 http://rhn.redhat.com/errata/RHSA-2014-0800.html RedHat Security Advisories: RHSA-2014:0801 http://rhn.redhat.com/errata/RHSA-2014-0801.html http://www.securitytracker.com/id/1030474 http://secunia.com/advisories/59599 SuSE Security Announcement: SUSE-SU-2014:0667 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html SuSE Security Announcement: SUSE-SU-2014:0683 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2014-1738 BugTraq ID: 67302 http://www.securityfocus.com/bid/67302 Common Vulnerability Exposure (CVE) ID: CVE-2014-1874 65459 http://www.securityfocus.com/bid/65459 SUSE-SU-2015:0812 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html USN-2128-1 http://www.ubuntu.com/usn/USN-2128-1 USN-2129-1 http://www.ubuntu.com/usn/USN-2129-1 USN-2133-1 http://www.ubuntu.com/usn/USN-2133-1 USN-2134-1 http://www.ubuntu.com/usn/USN-2134-1 USN-2135-1 http://www.ubuntu.com/usn/USN-2135-1 USN-2136-1 http://www.ubuntu.com/usn/USN-2136-1 USN-2137-1 http://www.ubuntu.com/usn/USN-2137-1 USN-2138-1 http://www.ubuntu.com/usn/USN-2138-1 USN-2139-1 http://www.ubuntu.com/usn/USN-2139-1 USN-2140-1 http://www.ubuntu.com/usn/USN-2140-1 USN-2141-1 http://www.ubuntu.com/usn/USN-2141-1 [oss-security] 20140206 Re: CVE Request: Linux kernel: SELinux local DoS http://www.openwall.com/lists/oss-security/2014/02/07/2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2172fa709ab32ca60e86179dc67d0857be8e2c98 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4 https://bugzilla.redhat.com/show_bug.cgi?id=1062356 https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98 Common Vulnerability Exposure (CVE) ID: CVE-2014-2039 65700 http://www.securityfocus.com/bid/65700 [oss-security] 20140220 Re: CVE Request: Linux kernel: s390: crash due to linkage stack instruction http://www.openwall.com/lists/oss-security/2014/02/20/14 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d7f6690cedb83456edd41c9bd583783f0703bf0 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5 https://bugzilla.redhat.com/show_bug.cgi?id=1067558 https://github.com/torvalds/linux/commit/8d7f6690cedb83456edd41c9bd583783f0703bf0 Common Vulnerability Exposure (CVE) ID: CVE-2014-3153 BugTraq ID: 67906 http://www.securityfocus.com/bid/67906 Debian Security Information: DSA-2949 (Google Search) http://www.debian.org/security/2014/dsa-2949 http://www.exploit-db.com/exploits/35370 https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html https://github.com/elongl/CVE-2014-3153 https://www.openwall.com/lists/oss-security/2021/02/01/4 http://www.openwall.com/lists/oss-security/2014/06/05/22 http://openwall.com/lists/oss-security/2014/06/05/24 http://openwall.com/lists/oss-security/2014/06/06/20 http://www.openwall.com/lists/oss-security/2021/02/01/4 http://www.securitytracker.com/id/1030451 http://secunia.com/advisories/58500 http://secunia.com/advisories/58990 http://secunia.com/advisories/59029 http://secunia.com/advisories/59092 http://secunia.com/advisories/59153 http://secunia.com/advisories/59386 SuSE Security Announcement: SUSE-SU-2014:0775 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html SuSE Security Announcement: SUSE-SU-2014:0796 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html SuSE Security Announcement: SUSE-SU-2014:0837 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html SuSE Security Announcement: openSUSE-SU-2014:0878 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html http://www.ubuntu.com/usn/USN-2237-1 http://www.ubuntu.com/usn/USN-2240-1
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.