Test ID:	1.3.6.1.4.1.25623.1.0.123637
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2013-0744)
Summary:	The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2013-0744 advisory.
Description:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2013-0744 advisory. Vulnerability Insight: [2.6.32-358.6.1] - [virt] kvm: accept unaligned MSR_KVM_SYSTEM_TIME writes (Petr Matousek) [917020 917021] {CVE-2013-1796} - [char] tty: hold lock across tty buffer finding and buffer filling (Prarit Bhargava) [928686 901780] - [net] tcp: fix for zero packets_in_flight was too broad (Thomas Graf) [927309 920794] - [net] tcp: frto should not set snd_cwnd to 0 (Thomas Graf) [927309 920794] - [net] tcp: fix an infinite loop in tcp_slow_start() (Thomas Graf) [927309 920794] - [net] tcp: fix ABC in tcp_slow_start() (Thomas Graf) [927309 920794] - [netdrv] ehea: avoid accessing a NULL vgrp (Steve Best) [921535 911359] - [net] sunrpc: Get rid of the redundant xprt->shutdown bit field (J. Bruce Fields) [915579 893584] - [virt] kvm: do not #GP on unaligned MSR_KVM_SYSTEM_TIME write (Gleb Natapov) [917020 917021] {CVE-2013-1796} - [drm] i915: bounds check execbuffer relocation count (Nikola Pajkovsky) [920523 920525] {CVE-2013-0913} - [x86] irq: add quirk for broken interrupt remapping on 55XX chipsets (Neil Horman) [911267 887006] - [kvm] Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (Gleb Natapov) [917024 917025] {CVE-2013-1797} - [kvm] Fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (Gleb Natapov) [917020 917021] {CVE-2013-1796} - [kvm] Fix bounds checking in ioapic indirect register reads (Gleb Natapov) [917030 917032] {CVE-2013-1798} - [kvm] x86: release kvmclock page on reset (Gleb Natapov) [917024 917025] {CVE-2013-1797} - [security] keys: Fix race with concurrent install_user_keyrings() (David Howells) [916681 913258] {CVE-2013-1792} - [virt] hv_balloon: Make adjustments to the pressure report (Jason Wang) [909156 902232] [2.6.32-358.5.1] - [fs] xfs: use maximum schedule timeout when ail is empty (Brian Foster) [921958 883905] - [net] xfrm_user: fix info leak in copy_to_user_tmpl() (Thomas Graf) [922428 922429] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_policy() (Thomas Graf) [922428 922429] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_state() (Thomas Graf) [922428 922429] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_auth() (Thomas Graf) [922428 922429] {CVE-2012-6537} - [net] atm: fix info leak in getsockopt(SO_ATMPVC) (Thomas Graf) [922386 922387] {CVE-2012-6546} - [net] atm: fix info leak via getsockname() (Thomas Graf) [922386 922387] {CVE-2012-6546} - [fs] nls: improve UTF8 -> UTF16 string conversion routine (Nikola Pajkovsky) [916118 916119] {CVE-2013-1773} - [fs] fat: Fix stat->f_namelen (Nikola Pajkovsky) [916118 916119] {CVE-2013-1773} - [netdrv] tun: fix ioctl() based info leaks (Thomas Graf) [922350 922351] {CVE-2012-6547} - [virt] x86: Add a check to catch Xen emulation of Hyper-V (Andrew Jones) [923204 918239] - [fs] cifs: fix expand_dfs_referral (Sachin Prabhu) [923098 902492] - [fs] cifs: factor smb_vol allocation out of cifs_setup_volume_info (Sachin Prabhu) [923098 ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-6537 http://www.openwall.com/lists/oss-security/2013/03/05/13 RedHat Security Advisories: RHSA-2013:0744 http://rhn.redhat.com/errata/RHSA-2013-0744.html http://www.ubuntu.com/usn/USN-1792-1 http://www.ubuntu.com/usn/USN-1798-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-6546 http://www.ubuntu.com/usn/USN-1805-1 http://www.ubuntu.com/usn/USN-1808-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-6547 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 Common Vulnerability Exposure (CVE) ID: CVE-2013-0349 RHSA-2013:0744 USN-1805-1 USN-1808-1 [oss-security] 20130222 Re: CVE request: Linux kernel: Bluetooth HIDP information disclosure http://www.openwall.com/lists/oss-security/2013/02/23/3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0a9ab9bdb3e891762553f667066190c1d22ad62b http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.6 https://bugzilla.redhat.com/show_bug.cgi?id=914298 https://github.com/torvalds/linux/commit/0a9ab9bdb3e891762553f667066190c1d22ad62b Common Vulnerability Exposure (CVE) ID: CVE-2013-0913 https://lkml.org/lkml/2013/3/11/501 http://openwall.com/lists/oss-security/2013/03/11/6 http://openwall.com/lists/oss-security/2013/03/13/9 http://openwall.com/lists/oss-security/2013/03/14/22 SuSE Security Announcement: openSUSE-SU-2013:0847 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html SuSE Security Announcement: openSUSE-SU-2013:0925 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html http://www.ubuntu.com/usn/USN-1809-1 http://www.ubuntu.com/usn/USN-1811-1 http://www.ubuntu.com/usn/USN-1812-1 http://www.ubuntu.com/usn/USN-1813-1 http://www.ubuntu.com/usn/USN-1814-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-1767 MDVSA-2013:176 RHSA-2013:0882 http://rhn.redhat.com/errata/RHSA-2013-0882.html RHSA-2013:0928 http://rhn.redhat.com/errata/RHSA-2013-0928.html USN-1787-1 http://www.ubuntu.com/usn/USN-1787-1 USN-1788-1 http://www.ubuntu.com/usn/USN-1788-1 USN-1792-1 USN-1793-1 http://www.ubuntu.com/usn/USN-1793-1 USN-1794-1 http://www.ubuntu.com/usn/USN-1794-1 USN-1795-1 http://www.ubuntu.com/usn/USN-1795-1 USN-1796-1 http://www.ubuntu.com/usn/USN-1796-1 USN-1797-1 http://www.ubuntu.com/usn/USN-1797-1 USN-1798-1 [oss-security] 20130225 Re: kernel: tmpfs use-after-free http://www.openwall.com/lists/oss-security/2013/02/25/23 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5f00110f7273f9ff04ac69a5f85bb535a4fd0987 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10 https://bugzilla.redhat.com/show_bug.cgi?id=915592 https://github.com/torvalds/linux/commit/5f00110f7273f9ff04ac69a5f85bb535a4fd0987 openSUSE-SU-2013:0847 openSUSE-SU-2013:0925 Common Vulnerability Exposure (CVE) ID: CVE-2013-1773 23248 http://www.exploit-db.com/exploits/23248/ 58200 http://www.securityfocus.com/bid/58200 88310 http://www.osvdb.org/88310 RHSA-2013:1026 http://rhn.redhat.com/errata/RHSA-2013-1026.html [oss-security] 20130226 Re: CVE request - Linux kernel: VFAT slab-based buffer overflow http://www.openwall.com/lists/oss-security/2013/02/26/8 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2 https://bugzilla.redhat.com/show_bug.cgi?id=916115 https://github.com/torvalds/linux/commit/0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd Common Vulnerability Exposure (CVE) ID: CVE-2013-1774 SUSE-SU-2013:1182 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html SUSE-SU-2013:1474 http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html [oss-security] 20130227 Re: CVE request: Linux kernel: USB: io_ti: NULL pointer dereference http://www.openwall.com/lists/oss-security/2013/02/27/29 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1ee0a224bc9aad1de496c795f96bc6ba2c394811 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.4 http://xorl.wordpress.com/2013/05/18/cve-2013-1774-linux-kernel-edgeport-usb-serial-converter-null-pointer-dereference/ https://bugzilla.redhat.com/show_bug.cgi?id=916191 https://github.com/torvalds/linux/commit/1ee0a224bc9aad1de496c795f96bc6ba2c394811 Common Vulnerability Exposure (CVE) ID: CVE-2013-1792 [oss-security] 20130307 CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings() http://www.openwall.com/lists/oss-security/2013/03/07/1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0da9dfdd2cd9889201bc6f6f43580c99165cd087 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3 https://bugzilla.redhat.com/show_bug.cgi?id=916646 https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087 openSUSE-SU-2013:1187 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html openSUSE-SU-2014:0204 http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2013-1796 58607 http://www.securityfocus.com/bid/58607 RHSA-2013:0727 http://rhn.redhat.com/errata/RHSA-2013-0727.html RHSA-2013:0746 http://rhn.redhat.com/errata/RHSA-2013-0746.html USN-1809-1 USN-1812-1 USN-1813-1 [oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8] http://www.openwall.com/lists/oss-security/2013/03/20/9 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c300aa64ddf57d9c5d9c898a64b36877345dd4a9 https://bugzilla.redhat.com/show_bug.cgi?id=917012 https://github.com/torvalds/linux/commit/c300aa64ddf57d9c5d9c898a64b36877345dd4a9 Common Vulnerability Exposure (CVE) ID: CVE-2013-1797 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0b79459b482e85cb7426aa7da683a9f2c97aeae1 https://bugzilla.redhat.com/show_bug.cgi?id=917013 https://github.com/torvalds/linux/commit/0b79459b482e85cb7426aa7da683a9f2c97aeae1 Common Vulnerability Exposure (CVE) ID: CVE-2013-1798 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a2c118bfab8bc6b8bb213abfc35201e441693d55 http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html https://bugzilla.redhat.com/show_bug.cgi?id=917017 https://github.com/torvalds/linux/commit/a2c118bfab8bc6b8bb213abfc35201e441693d55 Common Vulnerability Exposure (CVE) ID: CVE-2013-1826 USN-1829-1 http://www.ubuntu.com/usn/USN-1829-1 [oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs http://www.openwall.com/lists/oss-security/2013/03/07/2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7 https://bugzilla.redhat.com/show_bug.cgi?id=919384 https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836 Common Vulnerability Exposure (CVE) ID: CVE-2013-1827 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=276bdb82dedb290511467a5a4fdbe9f0b52dce6f http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4 https://bugzilla.redhat.com/show_bug.cgi?id=919164 https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.