English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.123694
Category:Oracle Linux Local Security Checks
Title:Oracle: Security Advisory (ELSA-2013-2507)
Summary:The remote host is missing an update for the 'kernel-uek' package(s) announced via the ELSA-2013-2507 advisory.
Description:Summary:
The remote host is missing an update for the 'kernel-uek' package(s) announced via the ELSA-2013-2507 advisory.

Vulnerability Insight:
[2.6.39-400.17.1]
- This is a fix on dlm_clean_master_list() (Xiaowei.Hu)
- RDS: fix rds-ping spinlock recursion (jeff.liu) [Orabug: 16223050]
- vhost: fix length for cross region descriptor (Michael S. Tsirkin) [Orabug:
16387183] {CVE-2013-0311}
- kabifix: block/scsi: Allow request and error handling timeouts to be
specified (Maxim Uvarov)
- block/scsi: Allow request and error handling timeouts to be specified (Martin
K. Petersen) [Orabug: 16372401]
- [SCSI] Shorten the path length of scsi_cmd_to_driver() (Li Zhong) [Orabug:
16372401]
- Fix NULL dereferences in scsi_cmd_to_driver (Mark Rustad) [Orabug: 16372401]
- SCSI: Fix error handling when no ULD is attached (Martin K. Petersen)
[Orabug: 16372401]
- Handle disk devices which can not process medium access commands (Martin K.
Petersen) [Orabug: 16372401]
- the ac->ac_allow_chain_relink=0 won't disable group relink (Xiaowei.Hu)
[Orabug: 14842737]
- pci: hotplug: fix null dereference in pci_set_payload() (Jerry Snitselaar)
[Orabug: 16345420]

[2.6.39-400.16.0]
- epoll: prevent missed events on EPOLL_CTL_MOD (Eric Wong) [Orabug: 16363540]
- rds: this resolved crash while removing rds_rdma module. orabug: 16268201
(Bang Nguyen) [Orabug: 16268201]
- rds: scheduling while atomic on failover orabug: 16275095 (Bang Nguyen)
[Orabug: 16268201]
- SRP: Revert back to 2.6.39-400.8.0 code (Ajaykumar Hotchandani) [Orabug:
16268201]
- iSER: Revert back to 2.6.39-400.8.0 code (Ajaykumar Hotchandani) [Orabug:
16268201]

[2.6.39-400.15.0]
- x86/xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS. (Jan
Beulich) {CVE-2013-0228}
- xen-blkfront: drop the use of llist_for_each_entry_safe (Konrad Rzeszutek
Wilk) [Orabug: 16263164]
- Revert 'xen PVonHVM: use E820_Reserved area for shared_info' (Konrad
Rzeszutek Wilk) [Orabug: 16297716]
- Revert 'xen/PVonHVM: fix compile warning in init_hvm_pv_info' (Konrad
Rzeszutek Wilk)

[2.6.39-400.14.0]
- xfs: use shared ilock mode for direct IO writes by default (Dave Chinner)
[Orabug: 16304938]
- sched: fix divide by zero at {thread_group,task}_times (Stanislaw Gruszka)
[Orabug: 15956690]
- Revert 'Revert 'cgroup: notify_on_release may not be triggered in some
cases'' (Maxim Uvarov)
- xen_fmr: Verify XEN platform before running xen_fmr drivers (Yuval Shaia)
[Orabug: 16302435]
- rds: unregister IB event handler on shutdown (Bang Nguyen) [Orabug: 16302435]
- rds: HAIP support child interface (Bang Nguyen) [Orabug: 16302435]
- RDS HAIP misc fixes (Bang Nguyen) [Orabug: 16302435]
- Ignore failover groups if HAIP is disabled (Bang Nguyen) [Orabug: 16302435]
- RDS: RDS rolling upgrade (Saeed Mahameed) [Orabug: 16302435]
- mlx4_core: use correct FMR number of clients according to PRM. (Saeed
Mahameed) [Orabug: 16302435]

[2.6.39-400.13.0]
- kmod: make __request_module() killable (Oleg Nesterov) [Orabug: 16286305]
{CVE-2012-4398}
- kmod: introduce call_modprobe() helper (Oleg Nesterov) [Orabug: ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kernel-uek' package(s) on Oracle Linux 5, Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.6

CVSS Vector:
AV:L/AC:M/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-0228
MDVSA-2013:176
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
USN-1795-1
http://www.ubuntu.com/usn/USN-1795-1
USN-1796-1
http://www.ubuntu.com/usn/USN-1796-1
USN-1797-1
http://www.ubuntu.com/usn/USN-1797-1
USN-1805-1
http://www.ubuntu.com/usn/USN-1805-1
USN-1808-1
http://www.ubuntu.com/usn/USN-1808-1
[oss-security] 20130213 Xen Security Advisory 42 (CVE-2013-0228) - Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS.
http://www.openwall.com/lists/oss-security/2013/02/13/10
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=13d2b4d11d69a92574a55bfd985cfb0ca77aebdc
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.9
https://bugzilla.redhat.com/show_bug.cgi?id=906309
https://github.com/torvalds/linux/commit/13d2b4d11d69a92574a55bfd985cfb0ca77aebdc
Common Vulnerability Exposure (CVE) ID: CVE-2013-0309
RHSA-2013:0496
http://rhn.redhat.com/errata/RHSA-2013-0496.html
[oss-security] 20130219 Re: CVE request -- Linux kernel: mm: thp: pmd_present and PROT_NONE local DoS
http://www.openwall.com/lists/oss-security/2013/02/20/4
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=027ef6c87853b0a9df53175063028edb4950d476
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.2
https://bugzilla.redhat.com/show_bug.cgi?id=912898
https://github.com/torvalds/linux/commit/027ef6c87853b0a9df53175063028edb4950d476
Common Vulnerability Exposure (CVE) ID: CVE-2013-0310
[oss-security] 20130219 Re: CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference
http://www.openwall.com/lists/oss-security/2013/02/20/5
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=89d7ae34cdda4195809a5a987f697a517a2a3177
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8
https://bugzilla.redhat.com/show_bug.cgi?id=912900
https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177
Common Vulnerability Exposure (CVE) ID: CVE-2013-0311
RHSA-2013:0579
http://rhn.redhat.com/errata/RHSA-2013-0579.html
RHSA-2013:0882
http://rhn.redhat.com/errata/RHSA-2013-0882.html
RHSA-2013:0928
http://rhn.redhat.com/errata/RHSA-2013-0928.html
[oss-security] 20130219 Re: CVE request -- Linux kernel: vhost: fix length for cross region descriptor
http://www.openwall.com/lists/oss-security/2013/02/20/6
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bd97120fc3d1a11f3124c7c9ba1d91f51829eb85
http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.7.bz2
https://bugzilla.redhat.com/show_bug.cgi?id=912905
https://github.com/torvalds/linux/commit/bd97120fc3d1a11f3124c7c9ba1d91f51829eb85
openSUSE-SU-2013:1187
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html
CopyrightCopyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.