Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2012-0862)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.123879

Category: Oracle Linux Local Security Checks

Title: Oracle: Security Advisory (ELSA-2012-0862)

Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2012-0862 advisory.

Description: Summary:
The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2012-0862 advisory.

Vulnerability Insight:
[2.6.32-279.el6]
- [netdrv] mlx4: ignore old module parameters (Jay Fenlason) [830553]

[2.6.32-278.el6]
- [kernel] sysctl: silence warning about missing strategy for file-max at boot time (Jeff Layton) [803431]
- [net] sunrpc: make new tcp_max_slot_table_entries sysctl use CTL_UNNUMBERED (Jeff Layton) [803431]
- [drm] i915: set AUD_CONFIG N_value_index for DisplayPort (Dave Airlie) [747890]
- [scsi] scsi_lib: fix scsi_io_completions SG_IO error propagation (Mike Snitzer) [827163]
- [fs] nfs: Fix corrupt read data after short READ from server (Sachin Prabhu) [817738]

[2.6.32-277.el6]
- [scsi] be2iscsi: fix dma free size mismatch regression (Mike Christie) [824287]
- [scsi] libsas: check dev->gone before submitting sata i/o (David Milburn) [824025]

[2.6.32-276.el6]
- [net] ipv4/netfilter: TCP and raw fix for ip_route_me_harder (Jiri Benc) [812108]

[2.6.32-275.el6]
- [net] bridge: fix broadcast flood regression (Jesper Brouer) [817157]
- [ipc] mqueue: use correct gfp flags in msg_insert (Doug Ledford) [750260]
- [security] fix compile error in commoncap.c (Eric Paris) [806726] {CVE-2012-2123}
- [security] fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [806726] {CVE-2012-2123}
- [fs] proc: Fix vmstat crashing with trap divide error (Larry Woodman) [820507]
- [net] rds: fix rds-ping inducing kernel panic (Jay Fenlason) [803936] {CVE-2012-2372}
- [net] sock: validate data_len before allocating skb in sock_alloc_send_pskb() (Jason Wang) [814504] {CVE-2012-2136}
- [virt] kvm: Fix buffer overflow in kvm_set_irq() (Avi Kivity) [816155] {CVE-2012-2137}

[2.6.32-274.el6]
- [net] sunrpc: fix loss of task->tk_status after rpc_delay call in xprt_alloc_slot (Jeff Layton) [822189]
- [net] sunrpc: suppress page allocation warnings in xprt_alloc_slot() (Jeff Layton) [822189]
- [net] netfilter: Fix ip_route_me_harder triggering ip_rt_bug (Jiri Benc) [812108]
- [net] netfilter/tproxy: do not assign timewait sockets to skb->sk (Jiri Benc) [812108]
- [usb] Don't fail USB3 probe on missing legacy PCI IRQ (Don Zickus) [812254]
- [usb] Fix handoff when BIOS disables host PCI device (Don Zickus) [812254]
- [usb] Remove duplicate USB 3.0 hub feature #defines (Don Zickus) [812254]
- [usb] Set hub depth after USB3 hub reset (Don Zickus) [812254]
- [usb] xhci: Fix encoding for HS bulk/control NAK rate (Don Zickus) [812254]
- [usb] Fix issue with USB 3.0 devices after system resume (Don Zickus) [812254]
- [virt] xenpv: avoid paravirt __pmd in read_pmd_atomic (Andrew Jones) [822697]

[2.6.32-273.el6]
- [s390] qeth: remove siga retry for HiperSockets devices (Hendrik Brueckner) [817090]
- [scsi] lpfc: Changed version number to 8.3.5.68.5p (Rob Evers) [821515]
- [scsi] lpfc: Fixed system crash due to not providing SCSI error-handling host reset handler (Rob Evers) [821515]
- [scsi] lpfc: Correct handling of SLI4-port XRI resource-provisioning profile change (Rob Evers) ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kernel' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1083
43522
http://secunia.com/advisories/43522
48115
http://secunia.com/advisories/48115
48410
http://secunia.com/advisories/48410
48898
http://secunia.com/advisories/48898
48964
http://secunia.com/advisories/48964
71265
http://www.osvdb.org/71265
RHSA-2012:0862
http://rhn.redhat.com/errata/RHSA-2012-0862.html
SUSE-SU-2012:0554
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
SUSE-SU-2012:0616
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html
[linux-kernel] 20110225 [PATCH] optimize epoll loop detection
http://article.gmane.org/gmane.linux.kernel/1105744
[linux-kernel] 20110226 Re: [PATCH] optimize epoll loop detection
http://article.gmane.org/gmane.linux.kernel/1105888
[linux-kernel] 20110228 Re: [PATCH] optimize epoll loop detection
http://article.gmane.org/gmane.linux.kernel/1106686
[oss-security] 20110301 CVE request: kernel: Multiple DoS issues in epoll
http://openwall.com/lists/oss-security/2011/03/02/1
[oss-security] 20110302 Re: CVE request: kernel: Multiple DoS issues in epoll
http://openwall.com/lists/oss-security/2011/03/02/2
https://bugzilla.redhat.com/show_bug.cgi?id=681578
Common Vulnerability Exposure (CVE) ID: CVE-2011-4131
FEDORA-2012-8359
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081280.html
RHSA-2012:1541
http://rhn.redhat.com/errata/RHSA-2012-1541.html
[oss-security] 20111111 Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops
http://www.openwall.com/lists/oss-security/2011/11/12/1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bf118a342f10dafe44b14451a1392c3254629a1f
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2
https://bugzilla.redhat.com/show_bug.cgi?id=747106
https://github.com/torvalds/linux/commit/bf118a342f10dafe44b14451a1392c3254629a1f
openSUSE-SU-2013:0925
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.123879
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2012-0862)
Summary:	The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2012-0862 advisory.
Description:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2012-0862 advisory. Vulnerability Insight: [2.6.32-279.el6] - [netdrv] mlx4: ignore old module parameters (Jay Fenlason) [830553] [2.6.32-278.el6] - [kernel] sysctl: silence warning about missing strategy for file-max at boot time (Jeff Layton) [803431] - [net] sunrpc: make new tcp_max_slot_table_entries sysctl use CTL_UNNUMBERED (Jeff Layton) [803431] - [drm] i915: set AUD_CONFIG N_value_index for DisplayPort (Dave Airlie) [747890] - [scsi] scsi_lib: fix scsi_io_completions SG_IO error propagation (Mike Snitzer) [827163] - [fs] nfs: Fix corrupt read data after short READ from server (Sachin Prabhu) [817738] [2.6.32-277.el6] - [scsi] be2iscsi: fix dma free size mismatch regression (Mike Christie) [824287] - [scsi] libsas: check dev->gone before submitting sata i/o (David Milburn) [824025] [2.6.32-276.el6] - [net] ipv4/netfilter: TCP and raw fix for ip_route_me_harder (Jiri Benc) [812108] [2.6.32-275.el6] - [net] bridge: fix broadcast flood regression (Jesper Brouer) [817157] - [ipc] mqueue: use correct gfp flags in msg_insert (Doug Ledford) [750260] - [security] fix compile error in commoncap.c (Eric Paris) [806726] {CVE-2012-2123} - [security] fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [806726] {CVE-2012-2123} - [fs] proc: Fix vmstat crashing with trap divide error (Larry Woodman) [820507] - [net] rds: fix rds-ping inducing kernel panic (Jay Fenlason) [803936] {CVE-2012-2372} - [net] sock: validate data_len before allocating skb in sock_alloc_send_pskb() (Jason Wang) [814504] {CVE-2012-2136} - [virt] kvm: Fix buffer overflow in kvm_set_irq() (Avi Kivity) [816155] {CVE-2012-2137} [2.6.32-274.el6] - [net] sunrpc: fix loss of task->tk_status after rpc_delay call in xprt_alloc_slot (Jeff Layton) [822189] - [net] sunrpc: suppress page allocation warnings in xprt_alloc_slot() (Jeff Layton) [822189] - [net] netfilter: Fix ip_route_me_harder triggering ip_rt_bug (Jiri Benc) [812108] - [net] netfilter/tproxy: do not assign timewait sockets to skb->sk (Jiri Benc) [812108] - [usb] Don't fail USB3 probe on missing legacy PCI IRQ (Don Zickus) [812254] - [usb] Fix handoff when BIOS disables host PCI device (Don Zickus) [812254] - [usb] Remove duplicate USB 3.0 hub feature #defines (Don Zickus) [812254] - [usb] Set hub depth after USB3 hub reset (Don Zickus) [812254] - [usb] xhci: Fix encoding for HS bulk/control NAK rate (Don Zickus) [812254] - [usb] Fix issue with USB 3.0 devices after system resume (Don Zickus) [812254] - [virt] xenpv: avoid paravirt __pmd in read_pmd_atomic (Andrew Jones) [822697] [2.6.32-273.el6] - [s390] qeth: remove siga retry for HiperSockets devices (Hendrik Brueckner) [817090] - [scsi] lpfc: Changed version number to 8.3.5.68.5p (Rob Evers) [821515] - [scsi] lpfc: Fixed system crash due to not providing SCSI error-handling host reset handler (Rob Evers) [821515] - [scsi] lpfc: Correct handling of SLI4-port XRI resource-provisioning profile change (Rob Evers) ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1083 43522 http://secunia.com/advisories/43522 48115 http://secunia.com/advisories/48115 48410 http://secunia.com/advisories/48410 48898 http://secunia.com/advisories/48898 48964 http://secunia.com/advisories/48964 71265 http://www.osvdb.org/71265 RHSA-2012:0862 http://rhn.redhat.com/errata/RHSA-2012-0862.html SUSE-SU-2012:0554 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html SUSE-SU-2012:0616 http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html [linux-kernel] 20110225 [PATCH] optimize epoll loop detection http://article.gmane.org/gmane.linux.kernel/1105744 [linux-kernel] 20110226 Re: [PATCH] optimize epoll loop detection http://article.gmane.org/gmane.linux.kernel/1105888 [linux-kernel] 20110228 Re: [PATCH] optimize epoll loop detection http://article.gmane.org/gmane.linux.kernel/1106686 [oss-security] 20110301 CVE request: kernel: Multiple DoS issues in epoll http://openwall.com/lists/oss-security/2011/03/02/1 [oss-security] 20110302 Re: CVE request: kernel: Multiple DoS issues in epoll http://openwall.com/lists/oss-security/2011/03/02/2 https://bugzilla.redhat.com/show_bug.cgi?id=681578 Common Vulnerability Exposure (CVE) ID: CVE-2011-4131 FEDORA-2012-8359 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081280.html RHSA-2012:1541 http://rhn.redhat.com/errata/RHSA-2012-1541.html [oss-security] 20111111 Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops http://www.openwall.com/lists/oss-security/2011/11/12/1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bf118a342f10dafe44b14451a1392c3254629a1f http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2 https://bugzilla.redhat.com/show_bug.cgi?id=747106 https://github.com/torvalds/linux/commit/bf118a342f10dafe44b14451a1392c3254629a1f openSUSE-SU-2013:0925 http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
Copyright	Copyright (C) 2015 Greenbone AG