Test ID:	1.3.6.1.4.1.25623.1.0.123437
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2014-3014)
Summary:	The remote host is missing an update for the 'dtrace-modules-3.8.13-26.2.2.el6uek, kernel-uek' package(s) announced via the ELSA-2014-3014 advisory.
Description:	Summary: The remote host is missing an update for the 'dtrace-modules-3.8.13-26.2.2.el6uek, kernel-uek' package(s) announced via the ELSA-2014-3014 advisory. Vulnerability Insight: kernel-uek [3.8.13-26.2.2.el6uek] - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (Daniel Borkmann) [Orabug: 18421673] {CVE-2014-2523} - cifs: ensure that uncached writes handle unmapped areas correctly (Jeff Layton) [Orabug: 18461067] {CVE-2014-0069} {CVE-2014-0069} - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable (Daniel Borkmann) [Orabug: 18461065] {CVE-2014-0101} - vhost-net: insufficient handling of error conditions in get_rx_bufs() (Guangyu Sun) [Orabug: 18461050] {CVE-2014-0055} Affected Software/OS: 'dtrace-modules-3.8.13-26.2.2.el6uek, kernel-uek' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0055 59386 http://secunia.com/advisories/59386 66441 http://www.securityfocus.com/bid/66441 RHSA-2014:0328 http://rhn.redhat.com/errata/RHSA-2014-0328.html RHSA-2014:0339 http://rhn.redhat.com/errata/RHSA-2014-0339.html https://bugzilla.redhat.com/show_bug.cgi?id=1062577 Common Vulnerability Exposure (CVE) ID: CVE-2014-0069 65588 http://www.securityfocus.com/bid/65588 SUSE-SU-2014:0459 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html [linux-cifs] 20140214 [PATCH] cifs: ensure that uncached writes handle unmapped areas correctly http://article.gmane.org/gmane.linux.kernel.cifs/9401 [oss-security] 20140217 CVE-2014-0069 -- kernel: cifs: incorrect handling of bogus user pointers during uncached writes http://www.openwall.com/lists/oss-security/2014/02/17/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d81de8e8667da7135d3a32a964087c0faf5483f https://bugzilla.redhat.com/show_bug.cgi?id=1064253 https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f Common Vulnerability Exposure (CVE) ID: CVE-2014-0101 59216 http://secunia.com/advisories/59216 65943 http://www.securityfocus.com/bid/65943 RHSA-2014:0419 http://rhn.redhat.com/errata/RHSA-2014-0419.html RHSA-2014:0432 http://rhn.redhat.com/errata/RHSA-2014-0432.html USN-2173-1 http://www.ubuntu.com/usn/USN-2173-1 USN-2174-1 http://www.ubuntu.com/usn/USN-2174-1 [oss-security] 20140304 CVE-2014-0101 -- Linux kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk http://www.openwall.com/lists/oss-security/2014/03/04/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729 http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html https://bugzilla.redhat.com/show_bug.cgi?id=1070705 https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729 Common Vulnerability Exposure (CVE) ID: CVE-2014-2523 BugTraq ID: 66279 http://www.securityfocus.com/bid/66279 http://twitter.com/grsecurity/statuses/445496197399461888 http://www.openwall.com/lists/oss-security/2014/03/17/7 http://www.securitytracker.com/id/1029945 http://secunia.com/advisories/57446 XForce ISS Database: linux-kernel-cve20142523-code-exec(91910) https://exchange.xforce.ibmcloud.com/vulnerabilities/91910
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.