Test ID:	1.3.6.1.4.1.25623.1.0.123448
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2014-0285-1)
Summary:	The remote host is missing an update for the 'kernel, ocfs2-2.6.18-371.6.1.0.1.el5, oracleasm-2.6.18-371.6.1.0.1.el5' package(s) announced via the ELSA-2014-0285-1 advisory.
Description:	Summary: The remote host is missing an update for the 'kernel, ocfs2-2.6.18-371.6.1.0.1.el5, oracleasm-2.6.18-371.6.1.0.1.el5' package(s) announced via the ELSA-2014-0285-1 advisory. Vulnerability Insight: kernel [2.6.18-371.6.1.0.1] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203] Affected Software/OS: 'kernel, ocfs2-2.6.18-371.6.1.0.1.el5, oracleasm-2.6.18-371.6.1.0.1.el5' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2929 BugTraq ID: 64111 http://www.securityfocus.com/bid/64111 RedHat Security Advisories: RHSA-2014:0100 http://rhn.redhat.com/errata/RHSA-2014-0100.html RedHat Security Advisories: RHSA-2014:0159 http://rhn.redhat.com/errata/RHSA-2014-0159.html RedHat Security Advisories: RHSA-2014:0285 http://rhn.redhat.com/errata/RHSA-2014-0285.html RedHat Security Advisories: RHSA-2018:1252 https://access.redhat.com/errata/RHSA-2018:1252 SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://www.ubuntu.com/usn/USN-2070-1 http://www.ubuntu.com/usn/USN-2075-1 http://www.ubuntu.com/usn/USN-2109-1 http://www.ubuntu.com/usn/USN-2110-1 http://www.ubuntu.com/usn/USN-2111-1 http://www.ubuntu.com/usn/USN-2112-1 http://www.ubuntu.com/usn/USN-2114-1 http://www.ubuntu.com/usn/USN-2115-1 http://www.ubuntu.com/usn/USN-2116-1 http://www.ubuntu.com/usn/USN-2128-1 http://www.ubuntu.com/usn/USN-2129-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-4483 RHSA-2014:0285 RHSA-2015:0284 http://rhn.redhat.com/errata/RHSA-2015-0284.html [oss-security] 20131030 Re: CVE Request -- Linux kernel: ipc: ipc_rcu_putref refcount races http://www.openwall.com/lists/oss-security/2013/10/30/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6062a8dc0517bce23e3c2f7d2fea5e22411269a3 https://bugzilla.redhat.com/show_bug.cgi?id=1024854 https://github.com/torvalds/linux/commit/6062a8dc0517bce23e3c2f7d2fea5e22411269a3 https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2 openSUSE-SU-2014:0247 http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4554 GLSA-201407-03 http://security.gentoo.org/glsa/glsa-201407-03.xml SUSE-SU-2014:0372 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html SUSE-SU-2014:0411 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html SUSE-SU-2014:0446 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html SUSE-SU-2014:0470 http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html [oss-security] 20131126 Xen Security Advisory 76 (CVE-2013-4554) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests http://www.openwall.com/lists/oss-security/2013/11/26/9 openSUSE-SU-2013:1876 http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html Common Vulnerability Exposure (CVE) ID: CVE-2013-6381 63890 http://www.securityfocus.com/bid/63890 RHSA-2014:0159 RHSA-2014:0284 http://rhn.redhat.com/errata/RHSA-2014-0284.html [oss-security] 20131122 Linux kernel CVE fixes http://www.openwall.com/lists/oss-security/2013/11/22/5 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fb392b1a63ae36c31f62bc3fc8630b49d602b62 https://bugzilla.redhat.com/show_bug.cgi?id=1033600 https://github.com/torvalds/linux/commit/6fb392b1a63ae36c31f62bc3fc8630b49d602b62 Common Vulnerability Exposure (CVE) ID: CVE-2013-6383 RHSA-2014:0100 USN-2066-1 http://www.ubuntu.com/usn/USN-2066-1 USN-2067-1 http://www.ubuntu.com/usn/USN-2067-1 USN-2068-1 http://www.ubuntu.com/usn/USN-2068-1 USN-2069-1 http://www.ubuntu.com/usn/USN-2069-1 USN-2070-1 USN-2071-1 http://www.ubuntu.com/usn/USN-2071-1 USN-2072-1 http://www.ubuntu.com/usn/USN-2072-1 USN-2073-1 http://www.ubuntu.com/usn/USN-2073-1 USN-2074-1 http://www.ubuntu.com/usn/USN-2074-1 USN-2075-1 USN-2076-1 http://www.ubuntu.com/usn/USN-2076-1 USN-2107-1 http://www.ubuntu.com/usn/USN-2107-1 USN-2108-1 http://www.ubuntu.com/usn/USN-2108-1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f856567b930dfcdbc3323261bf77240ccdde01f5 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.8 https://bugzilla.redhat.com/show_bug.cgi?id=1033530 https://github.com/torvalds/linux/commit/f856567b930dfcdbc3323261bf77240ccdde01f5 Common Vulnerability Exposure (CVE) ID: CVE-2013-6885 1029415 http://www.securitytracker.com/id/1029415 55840 http://secunia.com/advisories/55840 63983 http://www.securityfocus.com/bid/63983 DSA-3128 http://www.debian.org/security/2015/dsa-3128 FEDORA-2013-22754 http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123553.html FEDORA-2013-22866 http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124199.html FEDORA-2013-22888 http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124195.html SUSE-SU-2014:0373 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html SUSE-SU-2014:0459 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html [kernel] 20111225 Buildworld loop seg-fault update -- I believe it is hardware http://lists.dragonflybsd.org/pipermail/kernel/2011-December/046594.html [oss-security] 20131127 CVE-2013-6885 AMD Publ. 51810 Errata 793 system hang http://openwall.com/lists/oss-security/2013/11/28/1 [oss-security] 20131202 Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host to hang http://www.openwall.com/lists/oss-security/2013/12/02/1 http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf http://www.zdnet.com/blog/hardware/amd-owns-up-to-cpu-bug/18924 https://bugzilla.redhat.com/show_bug.cgi?id=1035823 xen-cve20136885-dos(89335) https://exchange.xforce.ibmcloud.com/vulnerabilities/89335 Common Vulnerability Exposure (CVE) ID: CVE-2013-7263 http://www.openwall.com/lists/oss-security/2013/11/28/13 http://seclists.org/oss-sec/2014/q1/29 http://secunia.com/advisories/55882 http://secunia.com/advisories/56036 SuSE Security Announcement: SUSE-SU-2014:0459 (Google Search) SuSE Security Announcement: SUSE-SU-2015:0652 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html SuSE Security Announcement: SUSE-SU-2015:0736 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://www.ubuntu.com/usn/USN-2113-1 http://www.ubuntu.com/usn/USN-2117-1 http://www.ubuntu.com/usn/USN-2135-1 http://www.ubuntu.com/usn/USN-2136-1 http://www.ubuntu.com/usn/USN-2138-1 http://www.ubuntu.com/usn/USN-2139-1 http://www.ubuntu.com/usn/USN-2141-1
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.