
Test ID: 1.3.6.1.4.1.25623.1.0.123900
Category: Oracle Linux Local Security Checks
Title: Oracle: Security Advisory (ELSA-2012-0743)
Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2012-0743 advisory.
Description:

Summary:
The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2012-0743 advisory.

Vulnerability Insight:
[2.6.32-220.23.1.el6]
- [net] bond: Make LRO flag follow slave settings (Neil Horman) [831176 794647]

[2.6.32-220.22.1.el6]
- [net] ipv4/netfilter: TCP and raw fix for ip_route_me_harder (Jiri Benc) [824429 812108]

[2.6.32-220.21.1.el6]
- [security] fix compile error in commoncap.c (Eric Paris) [806725 806726] {CVE-2012-2123}
- [security] fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [806725 806726] {CVE-2012-2123}
- [net] rds: fix rds-ping inducing kernel panic (Jay Fenlason) [822757 803936] {CVE-2012-2372}
- [net] sock: validate data_len before allocating skb in sock_alloc_send_pskb() (Jason Wang) [816292 814504] {CVE-2012-2136}
- [virt] kvm: Fix buffer overflow in kvm_set_irq() (Avi Kivity) [816154 816155] {CVE-2012-2137}
- [drm] integer overflow in drm_mode_dirtyfb_ioctl() (Dave Airlie) [773249 773250] {CVE-2012-0044}
- [net] netfilter: Fix ip_route_me_harder triggering ip_rt_bug (Jiri Benc) [824429 812108]
- [net] netfilter/tproxy: do not assign timewait sockets to skb->sk (Jiri Benc) [824429 812108]
- [virt] xenpv: avoid paravirt __pmd in read_pmd_atomic (Andrew Jones) [823903 822697]
- [infiniband] mlx4: fix RoCE oops (Doug Ledford) [799946 749059]
- [mm] read_pmd_atomic: fix pmd_populate SMP race condition (Andrea Arcangeli) [822824 820762] {CVE-2012-2373}
- [infiniband] mlx4: check return code and bail on error (Doug Ledford) [799946 749059]
- [infiniband] mlx4: use locking when walking netdev list (Doug Ledford) [799946 749059]
- [mm] thp: fix pmd_bad() triggering in code paths holding mmap_sem read mode (Andrea Arcangeli) [803808 800328] {CVE-2012-1179}

[2.6.32-220.20.1.el6]
- [vhost] net: fix possible NULL pointer dereference of vq->bufs (Jason Wang) [814286 814288] {CVE-2012-2119}
- [net] macvtap: validate zerocopy vectors before building skb (Jason Wang) [814286 814288] {CVE-2012-2119}
- [net] macvtap: set SKBTX_DEV_ZEROCOPY only when skb is built successfully (Jason Wang) [814286 814288] {CVE-2012-2119}
- [net] macvtap: put zerocopy page when fail to get all requested user pages (Jason Wang) [814286 814288] {CVE-2012-2119}
- [net] macvtap: fix zerocopy offset calculation when building skb (Jason Wang) [814286 814288] {CVE-2012-2119}
- [net] bonding: remove entries for master_ip and vlan_ip and query devices instead (Andy Gospodarek) [816197 810299]
- [virt] KVM: lock slots_lock around device assignment (Alex Williamson) [814154 811653] {CVE-2012-2121}
- [virt] kvm: unmap pages from the iommu when slots are removed (Alex Williamson) [814154 811653] {CVE-2012-2121}
- [virt] xenfv: fix hangs when kdumping (Andrew Jones) [812953 811815]
- [s390x] zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (Hendrik Brueckner) [810125 808487]
- [drm] i915: suspend fbdev device around suspend/hibernate (Dave Airlie) [818503 746169]
- [fs] tmpfs: fix off-by-one in max_blocks checks (Eric Sandeen) [809399 783497]
- [net] bonding: ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kernel' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2012-0044
51371
http://www.securityfocus.com/bid/51371
RHSA-2012:0743
http://rhn.redhat.com/errata/RHSA-2012-0743.html
USN-1555-1
http://www.ubuntu.com/usn/USN-1555-1
USN-1556-1
http://www.ubuntu.com/usn/USN-1556-1
[oss-security] 20120111 Re: CVE request - kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl()
http://www.openwall.com/lists/oss-security/2012/01/12/1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a5cd335165e31db9dbab636fd29895d41da55dd2
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.5
https://bugzilla.redhat.com/show_bug.cgi?id=772894
https://github.com/torvalds/linux/commit/a5cd335165e31db9dbab636fd29895d41da55dd2
Common Vulnerability Exposure (CVE) ID: CVE-2012-1179
1027084
http://www.securitytracker.com/id?1027084
48404
http://secunia.com/advisories/48404
48898
http://secunia.com/advisories/48898
FEDORA-2012-3712
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075781.html
HPSBGN02970
http://marc.info/?l=bugtraq&m=139447903326211&w=2
SUSE-SU-2012:0554
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
[oss-security] 20120315 CVE-2012-1179 kernel: thp: __split_huge_page() mapcount != page_mapcount BUG_ON()
http://www.openwall.com/lists/oss-security/2012/03/15/7
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.1
https://bugzilla.redhat.com/show_bug.cgi?id=803793
https://github.com/torvalds/linux/commit/4a1d704194a441bf83c636004a479e01360ec850
Common Vulnerability Exposure (CVE) ID: CVE-2012-2119
USN-1529-1
http://ubuntu.com/usn/usn-1529-1
[linux-netdev] 20120416 [PATCH 3/6] macvtap: zerocopy: validate vector length before pinning user pages
http://marc.info/?l=linux-netdev&m=133455718001608&w=2
[oss-security] 20120419 Re: CVE request -- kernel: macvtap: zerocopy: vector length is not validated before pinning user pages
http://www.openwall.com/lists/oss-security/2012/04/19/14
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=814278
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b92946e2919134ebe2a4083e4302236295ea2a73
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5
https://github.com/torvalds/linux/commit/b92946e2919134ebe2a4083e4302236295ea2a73
https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=4aae94d1c7b32316911c86176c0ed4f8ed62da73
openSUSE-SU-2013:0925
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-2121
1027083
http://www.securitytracker.com/id?1027083
50732
http://secunia.com/advisories/50732
RHSA-2012:0676
http://rhn.redhat.com/errata/RHSA-2012-0676.html
USN-1577-1
http://www.ubuntu.com/usn/USN-1577-1
USN-2036-1
http://www.ubuntu.com/usn/USN-2036-1
USN-2037-1
http://www.ubuntu.com/usn/USN-2037-1
[oss-security] 20120419 Re: CVE request -- kernel: kvm: device assignment page leak
http://www.openwall.com/lists/oss-security/2012/04/19/16
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4
https://bugzilla.redhat.com/show_bug.cgi?id=814149
https://github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195
Common Vulnerability Exposure (CVE) ID: CVE-2012-2123
1027072
http://www.securitytracker.com/id?1027072
53166
http://www.securityfocus.com/bid/53166
DSA-2469
http://www.debian.org/security/2012/dsa-2469
RHSA-2012:0670
http://rhn.redhat.com/errata/RHSA-2012-0670.html
[oss-security] 20120419 Re: CVE request: kernel: fcaps: clear the same personality flags as suid when fcaps are used
http://www.openwall.com/lists/oss-security/2012/04/20/6
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d52fc5dde171f030170a6cb78034d166b13c9445
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.3
https://bugzilla.redhat.com/show_bug.cgi?id=806722
https://github.com/torvalds/linux/commit/d52fc5dde171f030170a6cb78034d166b13c9445
linux-kernel-fcaps-sec-bypass(75043)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75043
Common Vulnerability Exposure (CVE) ID: CVE-2012-2136
50807
http://secunia.com/advisories/50807
53721
http://www.securityfocus.com/bid/53721
RHSA-2012:1087
http://rhn.redhat.com/errata/RHSA-2012-1087.html
USN-1535-1
http://www.ubuntu.com/usn/USN-1535-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc
https://bugzilla.redhat.com/show_bug.cgi?id=816289
https://github.com/torvalds/linux/commit/cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc
Common Vulnerability Exposure (CVE) ID: CVE-2012-2137
50952
http://secunia.com/advisories/50952
50961
http://secunia.com/advisories/50961
54063
http://www.securityfocus.com/bid/54063
USN-1594-1
http://www.ubuntu.com/usn/USN-1594-1
USN-1606-1
http://www.ubuntu.com/usn/USN-1606-1
USN-1607-1
http://ubuntu.com/usn/usn-1607-1
USN-1609-1
http://www.ubuntu.com/usn/USN-1609-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=f2ebd422f71cda9c791f76f85d2ca102ae34a1ed
http://ubuntu.5.n6.nabble.com/PATCH-Oneiric-CVE-2012-2137-KVM-Fix-buffer-overflow-in-kvm-set-irq-td4990566.html
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24
https://bugzilla.redhat.com/show_bug.cgi?id=816151
Common Vulnerability Exposure (CVE) ID: CVE-2012-2372
54062
http://www.securityfocus.com/bid/54062
RHSA-2012:1540
http://rhn.redhat.com/errata/RHSA-2012-1540.html
SUSE-SU-2012:1679
https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html
https://bugzilla.redhat.com/show_bug.cgi?id=822754
https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=c7b6a0a1d8d636852be130fa15fa8be10d4704e8
Common Vulnerability Exposure (CVE) ID: CVE-2012-2373
[oss-security] 20120518 Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition
http://www.openwall.com/lists/oss-security/2012/05/18/11
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26c191788f18129af0eb32a358cdaea0c7479626
https://bugzilla.redhat.com/show_bug.cgi?id=822821
https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626
Copyright: Copyright (C) 2015 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.