| Description: | Summary:
The remote host is missing an update for the 'kernel-uek' package(s) announced via the ELSA-2013-2525 advisory.
Vulnerability Insight:
[2.6.39-400.109.1]
- while removing a non-empty directory, the kernel dumps a message: (rmdir,21743,1):ocfs2_unlink:953 ERROR: status = -39 (Xiaowei.Hu) [Orabug: 16790405]
- stop mig handler when lockres in progress ,and return -EAGAIN (Xiaowei.Hu) [Orabug: 16876446]
[2.6.39-400.108.1]
- Revert 'dlmglue race condition,wrong lockres_clear_pending' (Maxim Uvarov) [Orabug: 16897450]
- Suppress the error message from being printed in ocfs2_rename (Xiaowei.Hu) [Orabug: 16790405]
- fnic: return zero on fnic_reset() success (Joe Jin) [Orabug: 16885029]
[2.6.39-400.107.1]
- xen/pci: Track PVHVM PIRQs. (Zhenzhong Duan)
- ocfs2_prep_new_orphaned_file return ret (Xiaowei.Hu) [Orabug: 16823825]
- Revert 'Btrfs: remove ->dirty_inode' (Guangyu Sun) [Orabug: 16841843]
- bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: 16750157]
- net: fix incorrect credentials passing (Linus Torvalds) [Orabug: 16836975] {CVE-2013-1979}
- tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: 16836958] {CVE-2013-1929}
- USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16836943] {CVE-2013-1860}
- ext3: Fix format string issues (Lars-Peter Clausen) [Orabug: 16836934] {CVE-2013-1848}
- cnic: don't use weak dependencies for ipv6 (Jerry Snitselaar) [Orabug: 16780307]
- Revert 'drm/i915: correctly order the ring init sequence' (Guangyu Sun) [Orabug: 16486689]
- x86/boot-image: Don't leak phdrs in arch/x86/boot/compressed/misc.c::Parse_elf() (Jesper Juhl) [Orabug: 16833437]
- spec: add /boot/vmlinuz*.hmac needed for fips mode (John Haxby) [Orabug: 16807114]
- perf: Treat attr.config as u64 in perf_swevent_init() (Tommi Rantala) [Orabug: 16808734] {CVE-2013-2094}
- spec: ol6 add multipath version deps (Maxim Uvarov) [Orabug: 16763586]
- Fix EN driver to work with newer FWs based on latest mlx4_core (Yuval Shaia) [Orabug: 16748891]
- xen-netfront: delay gARP until backend switches to Connected (Laszlo Ersek)
- fuse: enhance fuse dev to be numa aware (Srinivas Eeda) [Orabug: 16218187]
- fuse: add fuse numa node struct (Srinivas Eeda) [Orabug: 16218187]
- fuse: add numa mount option (Srinivas Eeda) [Orabug: 16218187]
- xen-blkfront: use a different scatterlist for each request (Roger Pau Monne) [Orabug: 16660413]
- bonding: allow all slave speeds (Jiri Pirko) [Orabug: 16759490]
- dlmglue race condition,wrong lockres_clear_pending (Xiaowei.Hu) [Orabug: 13611997]
[2.6.39-400.106.0]
- spec: fix suffix order of a directory name (Guangyu Sun) [Orabug: 16682371]
- Merge tag 'v2.6.39-400#qu4bcom' of git://ca-git.us.oracle.com/linux-snits-public into uek2-master (Maxim Uvarov) [Orabug: 16626319]
- Merge tag 'v2.6.39-400#qu4qlge' of git://ca-git.us.oracle.com/linux-snits-public into uek2-master (Maxim Uvarov) [Orabug: 16732027]
- Merge tag 'v2.6.39-400#qu4lpfc' of git://ca-git.us.oracle.com/linux-snits-public into uek2-master (Maxim Uvarov) [Orabug: 16749881]
- block: default ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'kernel-uek' package(s) on Oracle Linux 5, Oracle Linux 6.
Solution:
Please install the updated package(s).
CVSS Score:
6.9
CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
