English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.123411
Category:Oracle Linux Local Security Checks
Title:Oracle: Security Advisory (ELSA-2014-3034)
Summary:The remote host is missing an update for the 'dtrace-modules-3.8.13-35.el6uek, kernel-uek' package(s) announced via the ELSA-2014-3034 advisory.
Description:Summary:
The remote host is missing an update for the 'dtrace-modules-3.8.13-35.el6uek, kernel-uek' package(s) announced via the ELSA-2014-3034 advisory.

Vulnerability Insight:
kernel-uek
[3.8.13-35.el6uek]
- n_tty: Fix n_tty_write crash when echoing in raw mode (Peter Hurley) [Orabug: 18754908] {CVE-2014-0196} {CVE-2014-0196}

[3.8.13-34.el6uek]
- aacraid: missing capable() check in compat ioctl (Dan Carpenter) [Orabug: 18721960] {CVE-2013-6383}
- vhost: fix total length when packets are too short (Michael S. Tsirkin) [Orabug: 18721975] {CVE-2014-0077}

[3.8.13-33.el6uek]
- dtrace: ensure one can try to get user pages without locking or faulting (Kris Van Hees) [Orabug: 18653173]
- ipv6: don't set DST_NOCOUNT for remotely added routes (Sabrina Dubroca) [Orabug: 18681501] {CVE-2014-2309}
- kvm: x86: fix emulator buffer overflow (CVE-2014-0049) (Andrew Honig) [Orabug: 18681519] {CVE-2014-0049}
- ib_core: fmr pool hard lock up when cache enabled (Shamir Rabinovitch) [Orabug: 18408531]
- bnx2x: disable PTP clock support (Jerry Snitselaar) [Orabug: 18605376]
- x86, mm: Revert back good_end setting for 64bit (Brian Maly) [Orabug: 17648536]
- IB/sdp: disable APM by default (Shamir Rabinovitch) [Orabug: 18443201]
- vxlan: kernel panic when bringing up vxlan (Venkat Venkatsubra) [Orabug: 18295741]
- ocfs2: call ocfs2_update_inode_fsync_trans when updating any inode (Darrick J. Wong) [Orabug: 18257094]
- ocfs2: improve fsync efficiency and fix deadlock between aio_write and sync_file (Darrick J. Wong) [Orabug: 18257094]
- Revert 'ocfs2: fix i_mutex deadlock between aio_write and sync_file' (Jerry Snitselaar) [Orabug: 18257094]
- config: align with rhck (Jerry Snitselaar) [Orabug: 18685975]
- config: disable atmel drivers for ol7 (Jerry Snitselaar) [Orabug: 18665656]
- config: enable support for squashfs features (Jerry Snitselaar) [Orabug: 18655723]
- qla4xxx: Update driver version to v5.04.00.05.06.02-uek3 (Tej Parkash) [Orabug: 18552248]
- net: ipv4: current group_info should be put after using. (Wang, Xiaoming) [Orabug: 18603519] {CVE-2014-2851}

[3.8.13-32.el6uek]
- mm / dtrace: Allow DTrace to entirely disable page faults. (Nick Alcock) [Orabug: 18412802]
- mm: allow __get_user_pages() callers to avoid triggering page faults. (Nick Alcock) [Orabug: 18412802]
- config: enable nfs client support for rdma (Jerry Snitselaar) [Orabug: 18560595]
- NFS: Fix negative overflow in SETATTR timestamps (Chuck Lever) [Orabug: 18476361]
- NFS: Transfer full int64 for NFSv4 SETATTR timestamps (Chuck Lever) [Orabug: 18476361]
- NFS: Block file size updates during async READ (Chuck Lever) [Orabug: 18391310]
- NFS: Use an RPC/RDMA long request for NFS symlink operations (Chuck Lever) [Orabug: 18261861]
- SUNRPC: Support long RPC/RDMA requests (Chuck Lever) [Orabug: 18261861]
- xprtrdma: Split the completion queue (Chuck Lever) [Orabug: 18560595]
- xprtrdma: Make rpcrdma_ep_destroy() return void (Chuck Lever) [Orabug: 18560595]
- xprtrdma: Simplify rpcrdma_deregister_external() synopsis (Chuck Lever) [Orabug: 18560595]
- xprtrdma: Remove support for MEMWINDOWS ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'dtrace-modules-3.8.13-35.el6uek, kernel-uek' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.4

CVSS Vector:
AV:A/AC:M/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-4587
USN-2109-1
http://www.ubuntu.com/usn/USN-2109-1
USN-2110-1
http://www.ubuntu.com/usn/USN-2110-1
USN-2113-1
http://www.ubuntu.com/usn/USN-2113-1
USN-2117-1
http://www.ubuntu.com/usn/USN-2117-1
USN-2128-1
http://www.ubuntu.com/usn/USN-2128-1
USN-2129-1
http://www.ubuntu.com/usn/USN-2129-1
USN-2135-1
http://www.ubuntu.com/usn/USN-2135-1
USN-2136-1
http://www.ubuntu.com/usn/USN-2136-1
USN-2138-1
http://www.ubuntu.com/usn/USN-2138-1
USN-2139-1
http://www.ubuntu.com/usn/USN-2139-1
USN-2141-1
http://www.ubuntu.com/usn/USN-2141-1
[oss-security] 20131212 Re: [vs-plain] kvm issues
http://www.openwall.com/lists/oss-security/2013/12/12/12
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=338c7dbadd2671189cec7faf64c84d01071b3f96
https://bugzilla.redhat.com/show_bug.cgi?id=1030986
https://github.com/torvalds/linux/commit/338c7dbadd2671189cec7faf64c84d01071b3f96
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54
openSUSE-SU-2014:0204
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html
openSUSE-SU-2014:0205
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html
openSUSE-SU-2014:0247
http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-6885
1029415
http://www.securitytracker.com/id/1029415
55840
http://secunia.com/advisories/55840
63983
http://www.securityfocus.com/bid/63983
DSA-3128
http://www.debian.org/security/2015/dsa-3128
FEDORA-2013-22754
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123553.html
FEDORA-2013-22866
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124199.html
FEDORA-2013-22888
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124195.html
GLSA-201407-03
http://security.gentoo.org/glsa/glsa-201407-03.xml
RHSA-2014:0285
http://rhn.redhat.com/errata/RHSA-2014-0285.html
SUSE-SU-2014:0372
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html
SUSE-SU-2014:0373
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
SUSE-SU-2014:0411
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
SUSE-SU-2014:0446
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
SUSE-SU-2014:0459
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html
SUSE-SU-2014:0470
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
[kernel] 20111225 Buildworld loop seg-fault update -- I believe it is hardware
http://lists.dragonflybsd.org/pipermail/kernel/2011-December/046594.html
[oss-security] 20131127 CVE-2013-6885 AMD Publ. 51810 Errata 793 system hang
http://openwall.com/lists/oss-security/2013/11/28/1
[oss-security] 20131202 Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host to hang
http://www.openwall.com/lists/oss-security/2013/12/02/1
http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf
http://www.zdnet.com/blog/hardware/amd-owns-up-to-cpu-bug/18924
https://bugzilla.redhat.com/show_bug.cgi?id=1035823
xen-cve20136885-dos(89335)
https://exchange.xforce.ibmcloud.com/vulnerabilities/89335
Common Vulnerability Exposure (CVE) ID: CVE-2013-7266
http://www.openwall.com/lists/oss-security/2013/12/31/7
http://secunia.com/advisories/55882
http://secunia.com/advisories/56036
Common Vulnerability Exposure (CVE) ID: CVE-2014-0038
31346
http://www.exploit-db.com/exploits/31346
31347
http://www.exploit-db.com/exploits/31347
40503
https://www.exploit-db.com/exploits/40503/
56669
http://secunia.com/advisories/56669
65255
http://www.securityfocus.com/bid/65255
MDVSA-2014:038
http://www.mandriva.com/security/advisories?name=MDVSA-2014:038
USN-2094-1
http://www.ubuntu.com/usn/USN-2094-1
USN-2095-1
http://www.ubuntu.com/usn/USN-2095-1
USN-2096-1
http://www.ubuntu.com/usn/USN-2096-1
[oss-security] 20140131 Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038)
http://www.openwall.com/lists/oss-security/2014/01/31/2
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2def2ef2ae5f3990aabdbe8a755911902707d268
http://pastebin.com/raw.php?i=DH3Lbg54
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.2
https://bugzilla.redhat.com/show_bug.cgi?id=1060023
https://code.google.com/p/chromium/issues/detail?id=338594
https://github.com/saelo/cve-2014-0038
https://github.com/torvalds/linux/commit/2def2ef2ae5f3990aabdbe8a755911902707d268
Common Vulnerability Exposure (CVE) ID: CVE-2014-0049
[oss-security] 20140303 CVE-2014-0049 -- Linux kernel: kvm: mmio_fragments out-of-the-bounds access
http://www.openwall.com/lists/oss-security/2014/03/03/1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a08d3b3b99efd509133946056531cdf8f3a0c09b
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.6
https://bugzilla.redhat.com/show_bug.cgi?id=1062368
https://github.com/torvalds/linux/commit/a08d3b3b99efd509133946056531cdf8f3a0c09b
Common Vulnerability Exposure (CVE) ID: CVE-2014-0196
106646
http://www.osvdb.org/106646
33516
http://www.exploit-db.com/exploits/33516
59218
http://secunia.com/advisories/59218
59262
http://secunia.com/advisories/59262
59599
http://secunia.com/advisories/59599
DSA-2926
http://www.debian.org/security/2014/dsa-2926
DSA-2928
http://www.debian.org/security/2014/dsa-2928
RHSA-2014:0512
http://rhn.redhat.com/errata/RHSA-2014-0512.html
SUSE-SU-2014:0667
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
SUSE-SU-2014:0683
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
USN-2196-1
http://www.ubuntu.com/usn/USN-2196-1
USN-2197-1
http://www.ubuntu.com/usn/USN-2197-1
USN-2198-1
http://www.ubuntu.com/usn/USN-2198-1
USN-2199-1
http://www.ubuntu.com/usn/USN-2199-1
USN-2200-1
http://www.ubuntu.com/usn/USN-2200-1
USN-2201-1
http://www.ubuntu.com/usn/USN-2201-1
USN-2202-1
http://www.ubuntu.com/usn/USN-2202-1
USN-2203-1
http://www.ubuntu.com/usn/USN-2203-1
USN-2204-1
http://www.ubuntu.com/usn/USN-2204-1
[oss-security] 20140429 CVE-2014-0196: Linux kernel pty layer race condition memory corruption
http://www.openwall.com/lists/oss-security/2014/05/05/6
http://bugzilla.novell.com/show_bug.cgi?id=875690
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00
http://linux.oracle.com/errata/ELSA-2014-0771.html
http://pastebin.com/raw.php?i=yTSFUBgZ
http://source.android.com/security/bulletin/2016-07-01.html
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html
https://bugzilla.redhat.com/show_bug.cgi?id=1094232
https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00
Common Vulnerability Exposure (CVE) ID: CVE-2014-2309
BugTraq ID: 66095
http://www.securityfocus.com/bid/66095
http://www.openwall.com/lists/oss-security/2014/03/08/1
http://www.securitytracker.com/id/1029894
http://secunia.com/advisories/57250
SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
CopyrightCopyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.