Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)
2015-05-14T00:00:00
ID ORACLELINUX_ELSA-2015-3036.NASL Type nessus Reporter This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2015-05-14T00:00:00
[2.6.39-400.250.1.el6uek]
- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad
Rzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}
- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne)
[Orabug: 20727114]
- Revert 'qla2xxx: Ramp down queue depth for attached SCSI devices when
driver resources are low.' (Chad Dupuis) [Orabug: 20657415]
- x86/xen: allow privcmd hypercalls to be preempted (David Vrabel)
[Orabug: 20618759]
- sched: Expose preempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759]
- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930552]
{CVE-2014-9584}
- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID.
(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}
- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs
(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}
- IB/core: Prevent integer overflow in ib_umem_get address arithmetic
(Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}
- xen-pciback: limit guest control of command register (Jan Beulich)
[Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}
- net: sctp: fix slab corruption from use after free on INIT collisions
(Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2015-3036.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration branch: taken only when `description` is true. It records the
# plugin's metadata and ends with exit(0), so none of the host checks further
# down the script run in this mode.
if (description)
{
# Plugin identity and revision.
script_id(83449);
script_version("2.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
# CVEs covered by the advisory. The same six identifiers are listed again in
# the KSplice check later in this script; the two lists must stay in sync or
# a live-patched host can be mis-classified.
script_cve_id("CVE-2014-3215", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-1421", "CVE-2015-2150", "CVE-2015-3331");
script_bugtraq_id(71883, 72356, 73014, 73060, 74235);
script_name(english:"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Oracle Linux host is missing one or more security updates."
);
# Advisory changelog, kept as one string literal. It is runtime text shown in
# the finding, so its line breaks and wording are part of the plugin output.
script_set_attribute(
attribute:"description",
value:
"Description of changes:
[2.6.39-400.250.2.el6uek]
- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller)
[Orabug: 21077389] {CVE-2015-3331}
[2.6.39-400.250.1.el6uek]
- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad
Rzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}
- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne)
[Orabug: 20727114] - Revert 'qla2xxx: Ramp down queue depth for
attached SCSI devices when driver resources are low.' (Chad Dupuis)
[Orabug: 20657415] - x86/xen: allow privcmd hypercalls to be preempted
(David Vrabel) [Orabug: 20618759] - sched: Expose
preempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] - isofs:
Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930552]
{CVE-2014-9584}
- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID.
(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}
- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs
(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}
- IB/core: Prevent integer overflow in ib_umem_get address arithmetic
(Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}
- xen-pciback: limit guest control of command register (Jan Beulich)
[Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}
- net: sctp: fix slab corruption from use after free on INIT collisions
(Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}"
);
# Links to the vendor errata mails this plugin was derived from.
script_set_attribute(
attribute:"see_also",
value:"https://oss.oracle.com/pipermail/el-errata/2015-May/005076.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://oss.oracle.com/pipermail/el-errata/2015-May/005077.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected unbreakable enterprise kernel packages."
);
# CVSS v2 vectors registered for the advisory as a whole.
# Base: network attack vector, low complexity, no authentication, complete
# confidentiality / integrity / availability impact.
# Temporal: exploitability not defined, official fix available, report confirmed.
# NOTE(review): one vector is registered for six CVEs; presumably it reflects
# the most severe of them. Score the individual CVEs when triaging a finding.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# Registered as a "local" plugin: the verdict is computed from host data held
# in the KB (see script_require_keys below).
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE names for the six kernel-uek packages and the two OS releases in scope.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
# Timeline: first vulnerability disclosure, vendor patch, plugin release.
script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/08");
script_set_attribute(attribute:"patch_publication_date", value:"2015/05/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/14");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Oracle Linux Local Security Checks");
# Plugins declared as dependencies, and the KB keys that must exist.
# NOTE(review): presumably the dependencies are what populate the Host/* keys
# from an authenticated session; confirm against those scripts.
script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
# Stop here in registration mode; the checks below run only in a scan.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
include("ksplice.inc");
# Host gating: every failed precondition calls audit() with a reason code.
# NOTE(review): audit() is defined in audit.inc, which is not visible here;
# presumably it records the reason and ends the script. Confirm before relying
# on the statements after each call being skipped.
# Local checks must be enabled and the KB must mark the host as Oracle Linux.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
# The release string must name "Oracle Linux Server" or "Oracle Enterprise Linux".
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
# Capture the numeric release ("N" or "N.M") that follows the word "release".
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
# Index 1 is the first capture group, i.e. the version number itself.
os_ver = os_ver[1];
# Only major releases 5 and 6 are in scope; the trailing ([^0-9]|$) keeps
# versions such as 50 or 60 from matching.
if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver);
# Without the collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Architecture filter: accept a cpu string that contains "x86_64" or "ia64",
# or that matches i386..i686. `>!<` is NASL's "does not contain" operator.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
# KSplice (live-patch) handling: entered only when the KB holds
# "Host/ksplice/kernel-cves".
# NOTE(review): ksplice_cves_check() and ksplice_reporting_text() come from
# ksplice.inc, which is not visible here. Presumably the check returns true
# when every listed CVE is covered by an applied live patch; confirm.
if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
# Drops the uptrack kernel-release KB item before the package comparison.
# NOTE(review): the reason is not shown in this file; presumably it keeps the
# RPM check from using the effective (live-patched) release. Confirm.
rm_kb_item(name:"Host/uptrack-uname-r");
# Must list the same CVEs as script_cve_id() in the registration block.
cve_list = make_list("CVE-2014-3215", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-1421", "CVE-2015-2150", "CVE-2015-3331");
if (ksplice_cves_check(cve_list))
{
# The verdict on this path rests on live-patch state alone; the installed
# RPM versions are never compared.
audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2015-3036");
}
else
{
# Seeds the report text with the KSplice findings; the RPM comparison
# below still runs.
__rpm_report = ksplice_reporting_text();
}
}
# Running-kernel gate: only a host whose running kernel reports major.minor
# "2.6" is evaluated. Missing data ends the script with exit code 1 and an
# error message instead of an audit reason.
# Only the major.minor level is compared here. The full release of the running
# kernel is not compared with the fixed build anywhere in the visible code.
kernel_major_minor = get_kb_item("Host/uname/major_minor");
if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
expected_kernel_major_minor = "2.6";
if (kernel_major_minor != expected_kernel_major_minor)
audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
# Package comparison: one line per kernel-uek package, for EL5 and then EL6.
# rpm_exists() guards each line, so rpm_check() runs only where a 2.6.39 build
# of that package is present. rpm_check() is given the fixed build
# 2.6.39-400.250.2 as its reference. `flag` counts the lines where both calls
# returned true.
# NOTE(review): both helpers come from rpm.inc, which is not visible here.
# Presumably rpm_check() returns true when the installed package is older than
# the reference and records the detail for the report; confirm.
# NOTE(review): the comparison works on the installed-package list. Unless
# rpm.inc checks it internally, a host that installed the fixed package without
# rebooting would still run the old kernel; verify the running release.
flag = 0;
if (rpm_exists(release:"EL5", rpm:"kernel-uek-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-2.6.39-400.250.2.el5uek")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-debug-2.6.39-400.250.2.el5uek")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-devel-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-debug-devel-2.6.39-400.250.2.el5uek")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-uek-devel-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-devel-2.6.39-400.250.2.el5uek")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-uek-doc-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-doc-2.6.39-400.250.2.el5uek")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-uek-firmware-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-firmware-2.6.39-400.250.2.el5uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-2.6.39-400.250.2.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-debug-2.6.39-400.250.2.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-debug-devel-2.6.39-400.250.2.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-devel-2.6.39-400.250.2.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-doc-2.6.39-400.250.2.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-firmware-2.6.39-400.250.2.el6uek")) flag++;
# Verdict. Any positive comparison raises a finding on port 0. The per-package
# report text is attached only when report_verbosity is above 0, so a quiet
# scan yields the finding without the list of outdated packages.
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
# No outdated package found. If pkg_tests_get() returns a value, the host is
# audited as not affected with that value attached; otherwise it is audited
# as having no affected kernel package installed.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
}
{"id": "ORACLELINUX_ELSA-2015-3036.NASL", "bulletinFamily": "scanner", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)", "description": "Description of changes:\n\n[2.6.39-400.250.2.el6uek]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) \n[Orabug: 21077389] {CVE-2015-3331}\n\n[2.6.39-400.250.1.el6uek]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad \nRzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) \n [Orabug: 20727114] - Revert 'qla2xxx: Ramp down queue depth for \nattached SCSI devices when driver resources are low.' (Chad Dupuis) \n[Orabug: 20657415] - x86/xen: allow privcmd hypercalls to be preempted \n(David Vrabel) [Orabug: 20618759] - sched: Expose \npreempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] - isofs: \nFix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] \n{CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}", "published": "2015-05-14T00:00:00", "modified": "2015-05-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/83449", "reporter": "This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-May/005077.html", "https://oss.oracle.com/pipermail/el-errata/2015-May/005076.html"], "cvelist": ["CVE-2014-3215", "CVE-2015-3331", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-2150"], "type": "nessus", "lastseen": "2021-01-17T12:50:23", "edition": 24, "viewCount": 21, "enchantments": {"dependencies": {"references": [{"type": "oraclelinux", "idList": ["ELSA-2015-3036", "ELSA-2015-3034", "ELSA-2015-0987", "ELSA-2015-3032", "ELSA-2015-3019", "ELSA-2015-0864", "ELSA-2015-3035", "ELSA-2015-0726", "ELSA-2015-3020", "ELSA-2015-3033"]}, {"type": "cve", "idList": ["CVE-2015-2150", "CVE-2014-3215", "CVE-2015-3331", "CVE-2014-9584", "CVE-2015-1421", "CVE-2014-8159"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2015-3033.NASL", "REDHAT-RHSA-2015-0751.NASL", "ORACLELINUX_ELSA-2015-3034.NASL", "ORACLELINUX_ELSA-2015-3020.NASL", "ORACLEVM_OVMSA-2015-0060.NASL", "ORACLELINUX_ELSA-2015-3035.NASL", "REDHAT-RHSA-2015-0727.NASL", "FEDORA_2015-4066.NASL", "ORACLELINUX_ELSA-2015-3019.NASL", "CENTOS_RHSA-2015-0726.NASL"]}, {"type": "f5", "idList": ["F5:K17541", "SOL16819", "SOL16596", "SOL17242", "SOL17245", "SOL17541", "F5:K16819", "SOL16478", "F5:K17245", "F5:K17242"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123144", "OPENVAS:1361412562310123125", "OPENVAS:1361412562310882145", "OPENVAS:1361412562310123114", "OPENVAS:1361412562310123113", "OPENVAS:1361412562310869595", "OPENVAS:1361412562310123143", "OPENVAS:1361412562310871343", "OPENVAS:1361412562310123126", "OPENVAS:1361412562310105356"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:E6A4F4CA4992F74F2F0295F1E7A9A5D0"]}, {"type": "fedora", "idList": ["FEDORA:64A3560E556B"]}, {"type": "redhat", "idList": ["RHSA-2015:0726", "RHSA-2015:0751", "RHSA-2015:0864", "RHSA-2015:0727"]}, {"type": "centos", "idList": ["CESA-2015:0864", "CESA-2015:0726"]}, {"type": "ubuntu", "idList": ["USN-2614-1", "USN-2613-1", 
"USN-2631-1", "USN-2632-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30741", "SECURITYVULNS:DOC:31988", "SECURITYVULNS:DOC:32205"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3237-1:27D30"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1376-1"]}], "modified": "2021-01-17T12:50:23", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-01-17T12:50:23", "rev": 2}, "vulnersScore": 7.5}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3036.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83449);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-9584\", \"CVE-2015-1421\", \"CVE-2015-2150\", \"CVE-2015-3331\");\n script_bugtraq_id(71883, 72356, 73014, 73060, 74235);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.250.2.el6uek]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) \n[Orabug: 21077389] {CVE-2015-3331}\n\n[2.6.39-400.250.1.el6uek]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad \nRzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) \n [Orabug: 20727114] - Revert 'qla2xxx: Ramp down queue depth for \nattached SCSI devices when driver resources are low.' 
(Chad Dupuis) \n[Orabug: 20657415] - x86/xen: allow privcmd hypercalls to be preempted \n(David Vrabel) [Orabug: 20618759] - sched: Expose \npreempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] - isofs: \nFix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] \n{CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005077.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-9584\", \"CVE-2015-1421\", \"CVE-2015-2150\", \"CVE-2015-3331\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3036\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", 
reference:\"kernel-uek-doc-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-400.250.2.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.250.2.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "pluginID": "83449", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "scheme": null, "immutableFields": []}
{"oraclelinux": [{"lastseen": "2019-05-29T18:38:17", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3215", "CVE-2015-3331", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-2150"], "description": "[2.6.39-400.250.2]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077389] {CVE-2015-3331}\n[2.6.39-400.250.1]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad Rzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) [Orabug: 20727114] \n- Revert 'qla2xxx: Ramp down queue depth for attached SCSI devices when driver resources are low.' (Chad Dupuis) [Orabug: 20657415] \n- x86/xen: allow privcmd hypercalls to be preempted (David Vrabel) [Orabug: 20618759] \n- sched: Expose preempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] \n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. 
(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n- xen-pciback: limit guest control of command register (Jan Beulich) [Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}", "edition": 4, "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "ELSA-2015-3036", "href": "http://linux.oracle.com/errata/ELSA-2015-3036.html", "title": "Unbreakable Enterprise kernel security and bugfix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:33", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3215", "CVE-2014-9529", "CVE-2015-3331", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-2150", "CVE-2014-8171"], "description": "kernel-uek\n[3.8.13-68.2.2]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077385] {CVE-2015-3331}\n[3.8.13-68.2.1]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad Rzeszutek Wilk) [Orabug: 20807438] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) [Orabug: 20860817] \n- Doc/cpu-hotplug: Specify race-free way to register CPU hotplug callbacks (Srivatsa S. Bhat) [Orabug: 20917697] \n- net/iucv/iucv.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- net/core/flow.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- mm, vmstat: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- profile: Fix CPU hotplug callback registration (Srivatsa S. 
Bhat) [Orabug: 20917697] \n- trace, ring-buffer: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- hwmon, via-cputemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- hwmon, coretemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- octeon, watchdog: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- oprofile, nmi-timer: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- intel-idle: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- drivers/base/topology.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- acpi-cpufreq: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- scsi, fcoe: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- scsi, bnx2fc: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- scsi, bnx2i: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- arm64, debug-monitors: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- arm64, hw_breakpoint.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, kvm: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, oprofile, nmi: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, pci, amd-bus: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, hpet: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, intel, cacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, amd, ibs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, therm_throt.c: Fix CPU hotplug callback registration (Srivatsa S. 
Bhat) [Orabug: 20917697] \n- x86, mce: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, intel, uncore: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, vsyscall: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, cpuid: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, msr: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- powerpc, sysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- sparc, sysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- s390, smp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- s390, cacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- arm, hw-breakpoint: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- ia64, err-inject: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- ia64, topology: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- ia64, palinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- CPU hotplug, perf: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- CPU hotplug: Provide lockless versions of callback registration functions (Srivatsa S. 
Bhat) [Orabug: 20917697] \n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930551] {CVE-2014-9584}\n- KEYS: close race between key lookup and freeing (Sasha Levin) [Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529}\n- mm: memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- fs: buffer: move allocation failure loop into the allocator (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- x86: finish user fault error path with fatal signal (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- arch: mm: pass userspace fault flag to generic fault handler (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. 
(Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} {CVE-2014-8159}", "edition": 4, "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "ELSA-2015-3035", "href": "http://linux.oracle.com/errata/ELSA-2015-3035.html", "title": "Unbreakable Enterprise kernel security and bugfix update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:12", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1421", "CVE-2014-8159", "CVE-2015-2150"], "description": "kernel-uek\n[3.8.13-68.1.2]\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} {CVE-2014-8159}\n[3.8.13-68.1.1]\n- xen-pciback: limit guest control of command register (Jan Beulich) [Orabug: 20697017] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [Orabug: 20780347] {CVE-2015-1421}", "edition": 4, "modified": "2015-03-31T00:00:00", "published": "2015-03-31T00:00:00", "id": "ELSA-2015-3019", "href": "http://linux.oracle.com/errata/ELSA-2015-3019.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:45", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1421", "CVE-2014-8159", "CVE-2015-2150"], "description": "[2.6.39-400.249.3]\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n[2.6.39-400.249.2]\n- xen-pciback: limit guest control of command register (Jan Beulich) [Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}", "edition": 
4, "modified": "2015-03-31T00:00:00", "published": "2015-03-31T00:00:00", "id": "ELSA-2015-3020", "href": "http://linux.oracle.com/errata/ELSA-2015-3020.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:11", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3215", "CVE-2014-9584"], "description": "kernel-uek\n[2.6.32-400.37.4]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930553] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930519] {CVE-2014-3215}", "edition": 4, "modified": "2015-04-23T00:00:00", "published": "2015-04-23T00:00:00", "id": "ELSA-2015-3034", "href": "http://linux.oracle.com/errata/ELSA-2015-3034.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:11", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3215", "CVE-2014-9584"], "description": "[2.6.39-400.249.4]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. 
(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}", "edition": 4, "modified": "2015-04-23T00:00:00", "published": "2015-04-23T00:00:00", "id": "ELSA-2015-3033", "href": "http://linux.oracle.com/errata/ELSA-2015-3033.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:16", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3331", "CVE-2014-8159"], "description": "[3.10.0-229.4.2]\n- Oracle Linux certificates (Alexey Petrenko)\n[3.10.0-229.4.2]\n- [x86] crypto: aesni - fix memory usage in GCM decryption (Kurt Stutsman) [1213331 1212178] {CVE-2015-3331}\n[3.10.0-229.4.1]\n- [crypto] x86: sha256_ssse3 - also test for BMI2 (Herbert Xu) [1211484 1201563]\n- [crypto] testmgr: fix RNG return code enforcement (Herbert Xu) [1211487 1198978]\n- [crypto] rng: RNGs must return 0 in success case (Herbert Xu) [1211487 1198978]\n- [crypto] x86: sha1 - reduce size of the AVX2 asm implementation (Herbert Xu) [1211291 1177968]\n- [crypto] x86: sha1 - fix stack alignment of AVX2 variant (Herbert Xu) [1211291 1177968]\n- [crypto] x86: sha1 - re-enable the AVX variant (Herbert Xu) [1211291 1177968]\n- [crypto] sha: SHA1 transform x86_64 AVX2 (Herbert Xu) [1211291 1177968]\n- [crypto] sha-mb: sha1_mb_alg_state can be static (Herbert Xu) [1211290 1173756]\n- [crypto] mcryptd: mcryptd_flist can be static (Herbert Xu) [1211290 1173756]\n- [crypto] sha-mb: SHA1 multibuffer job manager and glue code (Herbert Xu) [1211290 1173756]\n- [crypto] sha-mb: SHA1 multibuffer crypto computation (x8 AVX2) (Herbert Xu) [1211290 1173756]\n- [crypto] sha-mb: SHA1 multibuffer submit and flush routines for AVX2 (Herbert Xu) [1211290 1173756]\n- [crypto] sha-mb: SHA1 multibuffer algorithm data structures (Herbert Xu) [1211290 1173756]\n- [crypto] sha-mb: 
multibuffer crypto infrastructure (Herbert Xu) [1211290 1173756]\n- [kernel] sched: Add function single_task_running to let a task check if it is the only task running on a cpu (Herbert Xu) [1211290 1173756]\n- [crypto] ahash: initialize entry len for null input in crypto hash sg list walk (Herbert Xu) [1211290 1173756]\n- [crypto] ahash: Add real ahash walk interface (Herbert Xu) [1211290 1173756]\n- [char] random: account for entropy loss due to overwrites (Herbert Xu) [1211288 1110044]\n- [char] random: allow fractional bits to be tracked (Herbert Xu) [1211288 1110044]\n- [char] random: statically compute poolbitshift, poolbytes, poolbits (Herbert Xu) [1211288 1110044]\n[3.10.0-229.3.1]\n- [netdrv] mlx4_en: tx_info->ts_requested was not cleared (Doug Ledford) [1209240 1178070]\n[3.10.0-229.2.1]\n- [char] tpm: Added Little Endian support to vtpm module (Steve Best) [1207051 1189017]\n- [powerpc] pseries: Fix endian problems with LE migration (Steve Best) [1207050 1183198]\n- [iommu] vt-d: Work around broken RMRR firmware entries (Myron Stowe) [1205303 1195802]\n- [iommu] vt-d: Store bus information in RMRR PCI device path (Myron Stowe) [1205303 1195802]\n- [s390] zcrypt: enable s390 hwrng to seed kernel entropy (Hendrik Brueckner) [1205300 1196398]\n- [s390] zcrypt: improve device probing for zcrypt adapter cards (Hendrik Brueckner) [1205300 1196398]\n- [net] team: fix possible null pointer dereference in team_handle_frame (Jiri Pirko) [1202359 1188496]\n- [fs] fsnotify: fix handling of renames in audit (Paul Moore) [1202358 1191562]\n- [net] openvswitch: Fix net exit (Jiri Benc) [1202357 1200859]\n- [fs] gfs2: Move gfs2_file_splice_write outside of #ifdef (Robert S Peterson) [1201256 1193910]\n- [fs] gfs2: Allocate reservation during splice_write (Robert S Peterson) [1201256 1193910]\n- [crypto] aesni: fix 'by8' variant for 128 bit keys (Herbert Xu) [1201254 1174971]\n- [crypto] aesni: remove unused defines in 'by8' variant (Herbert Xu) [1201254 1174971]\n- 
[crypto] aesni: fix counter overflow handling in 'by8' variant (Herbert Xu) [1201254 1174971]\n- [crypto] aes: AES CTR x86_64 'by8' AVX optimization (Herbert Xu) [1201254 1174971]\n- [kernel] audit: restore AUDIT_LOGINUID unset ABI (Richard Guy Briggs) [1197748 1120491]\n- [kernel] audit: replace getname()/putname() hacks with reference counters (Paul Moore) [1197746 1155208]\n- [kernel] audit: fix filename matching in __audit_inode() and __audit_inode_child() (Paul Moore) [1197746 1155208]\n- [kernel] audit: enable filename recording via getname_kernel() (Paul Moore) [1197746 1155208]\n- [fs] namei: simpler calling conventions for filename_mountpoint() (Paul Moore) [1197746 1155208]\n- [fs] namei: create proper filename objects using getname_kernel() (Paul Moore) [1197746 1155208]\n- [fs] namei: rework getname_kernel to handle up to PATH_MAX sized filenames (Paul Moore) [1197746 1155208]\n- [fs] namei: cut down the number of do_path_lookup() callers (Paul Moore) [1197746 1155208]\n- [fs] execve: use 'struct filename *' for executable name passing (Paul Moore) [1197746 1155208]\n- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181177 1179347] {CVE-2014-8159}", "edition": 4, "modified": "2015-05-12T00:00:00", "published": "2015-05-12T00:00:00", "id": "ELSA-2015-0987", "href": "http://linux.oracle.com/errata/ELSA-2015-0987.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:34", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1421", "CVE-2014-8159"], "description": "[3.10.0-229.1.2]\n- Oracle Linux certificates (Alexey Petrenko)\n[3.10.0-229.1.2]\n- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181177 1179347] {CVE-2014-8159}\n[3.10.0-229.1.1]\n- [crypto] testmgr: mark rfc4106(gcm(aes)) as fips_allowed (Jarod Wilson) [1197751 1185400]\n- [virt] storvsc: 
ring buffer failures may result in I/O freeze (Vitaly Kuznetsov) [1197749 1171409]\n- [md] dm-thin: don't allow messages to be sent to a pool target in READ_ONLY or FAIL mode (Mike Snitzer) [1197745 1184592]\n- [kernel] workqueue: fix subtle pool management issue which can stall whole worker_pool (Eric Sandeen) [1197744 1165535]\n- [platform] thinkpad_acpi: support new BIOS version string pattern (Benjamin Tissoires) [1197743 1194830]\n- [x86] ioapic: kcrash: Prevent crash_kexec() from deadlocking on ioapic_lock (Baoquan He) [1197742 1182424]\n- [net] sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [1196588 1183959] {CVE-2015-1421}", "edition": 4, "modified": "2015-03-26T00:00:00", "published": "2015-03-26T00:00:00", "id": "ELSA-2015-0726", "href": "http://linux.oracle.com/errata/ELSA-2015-0726.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:39", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3215", "CVE-2014-9529", "CVE-2014-7825", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-8884", "CVE-2014-9584", "CVE-2014-3690", "CVE-2014-8171", "CVE-2014-7826"], "description": "[2.6.32-504.16.2]\n- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159}\n[2.6.32-504.16.1]\n- [fs] gfs2: Move gfs2_file_splice_write outside of #ifdef (Robert S Peterson) [1198329 1193559]\n- [security] keys: close race between key lookup and freeing (Radomir Vrbovsky) [1179849 1179850] {CVE-2014-9529}\n- [net] sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [1196587 1135425] {CVE-2015-1421}\n- [fs] gfs2: Allocate reservation during splice_write (Robert S Peterson) [1198329 1193559]\n- [fs] nfs: Be less aggressive about returning delegations for open files (Steve Dickson) [1196314 1145334]\n- [fs] nfs: Avoid PUTROOTFH when managing 
leases (Benjamin Coddington) [1196313 1143013]\n- [crypto] testmgr: mark rfc4106(gcm(aes)) as fips_allowed (Jarod Wilson) [1194983 1185395]\n- [crypto] Extending the RFC4106 AES-GCM test vectors (Jarod Wilson) [1194983 1185395]\n- [char] raw: Return short read or 0 at end of a raw device, not EIO (Jeff Moyer) [1195747 1142314]\n- [scsi] hpsa: Use local workqueues instead of system workqueues - part1 (Tomas Henzl) [1193639 1134115]\n- [x86] kvm: vmx: invalid host cr4 handling across vm entries (Jacob Tanenbaum) [1153326 1153327] {CVE-2014-3690}\n- [fs] isofs: Fix unchecked printing of ER records (Radomir Vrbovsky) [1180481 1180492] {CVE-2014-9584}\n- [fs] bio: fix argument of __bio_add_page() for max_sectors > 0xffff (Fam Zheng) [1198428 1166763]\n- [media] ttusb-dec: buffer overflow in ioctl (Alexander Gordeev) [1170971 1167115] {CVE-2014-8884}\n- [kernel] trace: insufficient syscall number validation in perf and ftrace subsystems (Jacob Tanenbaum) [1161567 1161568] {CVE-2014-7826 CVE-2014-7825}\n- [fs] nfs: Fix a delegation callback race (Dave Wysochanski) [1187639 1149831]\n- [fs] nfs: Don't use the delegation->inode in nfs_mark_return_delegation() (Dave Wysochanski) [1187639 1149831]\n- [infiniband] ipoib: don't queue a work struct up twice (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: make sure we reap all our ah on shutdown (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: cleanup a couple debug messages (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: flush the ipoib_workqueue on unregister (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: fix ipoib_mcast_restart_task (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: fix race between mcast_dev_flush and mcast_join (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: remove unneeded locks (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: don't restart our 
thread on ENETRESET (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: Handle -ENETRESET properly in our callback (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: make delayed tasks not hold up everything (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: Add a helper to restart the multicast task (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: fix IPOIB_MCAST_RUN flag usage (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: Remove unnecessary port query (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [x86] kvm: Avoid pagefault in kvm_lapic_sync_to_vapic (Paolo Bonzini) [1192055 1116398]\n- [s390] kernel: fix cpu target address of directed yield (Hendrik Brueckner) [1188339 1180061]\n- [mm] memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [fs] buffer: move allocation failure loop into the allocator (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [x86] mm: finish user fault error path with fatal signal (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] pass userspace fault flag to generic fault handler (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [s390] mm: do not invoke OOM killer on kernel fault OOM (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [powerpc] mm: remove obsolete init OOM protection 
(Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [powerpc] mm: invoke oom-killer from remaining unconverted page fault handlers (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [security] selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215}\n- [security] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215}\n[2.6.32-504.15.1]\n- [netdrv] ixgbe: remove CIAA/D register reads from bad VF check (John Greene) [1196312 1156061]\n- [pci] Make FLR and AF FLR reset warning messages different (Myron Stowe) [1192365 1184540]\n- [pci] Fix unaligned access in AF transaction pending test (Myron Stowe) [1192365 1184540]\n- [pci] Merge multi-line quoted strings (Myron Stowe) [1192365 1184540]\n- [pci] Wrong register used to check pending traffic (Myron Stowe) [1192365 1184540]\n- [pci] Add pci_wait_for_pending() -- refactor pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540]\n- [pci] Use pci_wait_for_pending_transaction() instead of for loop (Myron Stowe) [1192365 1184540]\n- [pci] Add pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540]\n- [pci] Wait for pending transactions to complete before 82599 FLR (Myron Stowe) [1192365 1184540]\n- [scsi] storvsc: fix a bug in storvsc limits (Vitaly Kuznetsov) [1196532 1174168]\n[2.6.32-504.14.1]\n- [s390] crypto: kernel oops at insmod of the z90crypt device driver (Hendrik Brueckner) [1191916 1172137]\n- [sound] alsa: usb-audio: Fix crash at re-preparing the PCM stream (Jerry Snitselaar) [1192105 1167059]\n- [usb] ehci: bugfix: urb->hcpriv should not be NULL (Jerry Snitselaar) [1192105 1167059]\n- [mm] mmap: uncached vma support with writenotify (Jerry Snitselaar) [1192105 1167059]\n- [kernel] futex: Mention key referencing differences between shared and private futexes (Larry Woodman) [1192107 1167405]\n- [kernel] futex: Ensure get_futex_key_refs() always implies a barrier (Larry 
Woodman) [1192107 1167405]\n[2.6.32-504.13.1]\n- [netdrv] enic: fix rx skb checksum (Stefan Assmann) [1189068 1115505]\n- [scsi] Revert 'fix our current target reap infrastructure' (David Milburn) [1188941 1168072]\n- [scsi] Revert 'dual scan thread bug fix' (David Milburn) [1188941 1168072]\n- [net] tcp: do not copy headers in tcp_collapse() (Alexander Duyck) [1188838 1156289]\n- [net] tcp: use tcp_flags in tcp_data_queue() (Alexander Duyck) [1188838 1156289]\n- [net] tcp: use TCP_SKB_CB(skb)->tcp_flags in input path (Alexander Duyck) [1188838 1156289]\n- [net] tcp: remove unused tcp_fin() parameters (Alexander Duyck) [1188838 1156289]\n- [net] tcp: rename tcp_skb_cb flags (Alexander Duyck) [1188838 1156289]\n- [net] tcp: unify tcp flag macros (Alexander Duyck) [1188838 1156289]\n- [net] tcp: unalias tcp_skb_cb flags and ip_dsfield (Alexander Duyck) [1188838 1156289]", "edition": 4, "modified": "2015-04-21T00:00:00", "published": "2015-04-21T00:00:00", "id": "ELSA-2015-0864", "href": "http://linux.oracle.com/errata/ELSA-2015-0864.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-23T13:16:51", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3215", "CVE-2014-9529", "CVE-2014-9584", "CVE-2014-8171"], "description": "kernel-uek\n[3.8.13-68.1.3]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930551] {CVE-2014-9584}\n- KEYS: close race between key lookup and freeing (Sasha Levin) [Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529}\n- mm: memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- fs: buffer: move allocation failure loop into the allocator (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: handle non-error OOM situations more 
gracefully (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- x86: finish user fault error path with fatal signal (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- arch: mm: pass userspace fault flag to generic fault handler (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215}", "edition": 5, "modified": "2015-04-23T00:00:00", "published": "2015-04-23T00:00:00", "id": "ELSA-2015-3032", "href": "http://linux.oracle.com/errata/ELSA-2015-3032.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T06:14:36", "description": "The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.", "edition": 11, "cvss3": {}, "published": "2015-01-09T21:59:00", "title": "CVE-2014-9584", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 
2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9584"], "modified": "2020-05-21T20:34:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:redhat:enterprise_linux_aus:6.6", "cpe:/o:suse:linux_enterprise_server:10", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.7", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_eus:6.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:oracle:linux:5", "cpe:/o:suse:linux_enterprise_software_development_kit:12", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:suse:linux_enterprise_workstation_extension:12", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.7", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/o:redhat:enterprise_linux_server_aus:7.7", "cpe:/o:suse:linux_enterprise_real_time_extension:11", "cpe:/o:opensuse:evergreen:11.4", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_server_tus:6.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-9584", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9584", "cvss": {"score": 2.1, "vector": 
"AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_aus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*", "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*"]}, {"lastseen": "2021-02-02T06:14:35", "description": "The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.", "edition": 6, "cvss3": {}, "published": "2015-03-16T10:59:00", "title": "CVE-2014-8159", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8159"], "modified": "2019-04-22T17:48:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.32", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "CVE-2014-8159", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8159", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": 
["cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:29", "description": "seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.", "edition": 4, "cvss3": {}, "published": "2014-05-08T10:55:00", "title": "CVE-2014-3215", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3215"], "modified": "2019-01-03T17:08:00", "cpe": ["cpe:/a:selinuxproject:policycoreutils:2.2.5"], "id": "CVE-2014-3215", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3215", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:selinuxproject:policycoreutils:2.2.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:24", "description": "The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) 
socket.", "edition": 6, "cvss3": {}, "published": "2015-05-27T10:59:00", "title": "CVE-2015-3331", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3331"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/o:linux:linux_kernel:3.19.2"], "id": "CVE-2015-3331", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3331", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.19.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:22", "description": "Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.", "edition": 7, "cvss3": {}, "published": "2015-03-12T14:59:00", "title": "CVE-2015-2150", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 
6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2150"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/o:xen:xen:4.1.1", "cpe:/o:xen:xen:4.4.0", "cpe:/o:xen:xen:3.4.4", "cpe:/o:xen:xen:4.0.3", "cpe:/o:xen:xen:4.3.0", "cpe:/o:xen:xen:4.0.4", "cpe:/o:xen:xen:3.4.0", "cpe:/o:xen:xen:4.1.5", "cpe:/o:xen:xen:4.2.0", "cpe:/o:xen:xen:4.1.4", "cpe:/o:xen:xen:4.0.1", "cpe:/o:xen:xen:4.2.3", "cpe:/o:xen:xen:4.2.1", "cpe:/o:linux:linux_kernel:3.19.1", "cpe:/o:xen:xen:4.0.2", "cpe:/o:xen:xen:4.1.0", "cpe:/o:xen:xen:4.5.0", "cpe:/o:xen:xen:4.4.1", "cpe:/o:xen:xen:4.1.6.1", "cpe:/o:xen:xen:4.2.2", "cpe:/o:xen:xen:3.3.0", "cpe:/o:xen:xen:4.1.3", "cpe:/o:xen:xen:4.0.0", "cpe:/o:xen:xen:3.4.1", "cpe:/o:xen:xen:4.3.1", "cpe:/o:xen:xen:3.3.1", "cpe:/o:xen:xen:3.3.2", "cpe:/o:xen:xen:4.1.2", "cpe:/o:xen:xen:3.4.3", "cpe:/o:xen:xen:3.4.2", "cpe:/o:ubuntu:ubuntu:12.04"], "id": "CVE-2015-2150", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2150", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:ubuntu:ubuntu:12.04:*:lts:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.19.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*", 
"cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.4.1:-:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:21", "description": "Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "edition": 6, "cvss3": {}, "published": "2015-03-16T10:59:00", "title": "CVE-2015-1421", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1421"], "modified": "2018-01-05T02:29:00", "cpe": ["cpe:/o:linux:linux_kernel:3.18.7"], "id": "CVE-2015-1421", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1421", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.18.7:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-06T13:23:30", "description": "The remote OracleVM system is missing necessary patches to address\ncritical 
security updates :\n\n - crypto: aesni - fix memory usage in GCM decryption\n (Stephan Mueller) [Orabug: 21077385] (CVE-2015-3331)\n\n - xen/pciback: Don't disable PCI_COMMAND on PCI device\n reset. (Konrad Rzeszutek Wilk) [Orabug: 20807438]\n (CVE-2015-2150)\n\n - xen-blkfront: fix accounting of reqs when migrating\n (Roger Pau Monne) [Orabug: 20860817]\n\n - Doc/cpu-hotplug: Specify race-free way to register CPU\n hotplug callbacks (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - net/iucv/iucv.c: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - net/core/flow.c: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - mm, vmstat: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697] \n\n - profile: Fix CPU hotplug callback registration (Srivatsa\n S. Bhat) \n\n - trace, ring-buffer: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - hwmon, via-cputemp: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) \n\n - hwmon, coretemp: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - octeon, watchdog: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - oprofile, nmi-timer: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - intel-idle: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - drivers/base/topology.c: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - acpi-cpufreq: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - scsi, fcoe: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697] \n\n - scsi, bnx2fc: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - scsi, bnx2i: Fix CPU hotplug callback registration\n (Srivatsa S. 
Bhat) [Orabug: 20917697]\n\n - arm64, debug-monitors: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - arm64, hw_breakpoint.c: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, kvm: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, oprofile, nmi: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, pci, amd-bus: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, hpet: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, intel, cacheinfo: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, amd, ibs: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, therm_throt.c: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, mce: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, intel, uncore: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, vsyscall: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, cpuid: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, msr: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - powerpc, sysfs: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) \n\n - sparc, sysfs: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - s390, smp: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - s390, cacheinfo: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) \n\n - arm, hw-breakpoint: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - ia64, err-inject: Fix CPU hotplug callback registration\n (Srivatsa S. 
Bhat) [Orabug: 20917697]\n\n - ia64, topology: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - ia64, palinfo: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - CPU hotplug, perf: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - CPU hotplug: Provide lockless versions of callback\n registration functions (Srivatsa S. Bhat) [Orabug:\n 20917697]\n\n - isofs: Fix unchecked printing of ER records (Jan Kara)\n [Orabug: 20930551] (CVE-2014-9584)\n\n - KEYS: close race between key lookup and freeing (Sasha\n Levin) [Orabug: 20930548] (CVE-2014-9529)\n (CVE-2014-9529)\n\n - mm: memcg: do not allow task about to OOM kill to bypass\n the limit (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: do not declare OOM from __GFP_NOFAIL\n allocations (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - fs: buffer: move allocation failure loop into the\n allocator (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: handle non-error OOM situations more\n gracefully (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: do not trap chargers with full callstack on\n OOM (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: rework and document OOM waiting and wakeup\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: enable memcg OOM killer only for user faults\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - x86: finish user fault error path with fatal signal\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - arch: mm: pass userspace fault flag to generic fault\n handler (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - selinux: Permit bounded transitions under NO_NEW_PRIVS\n or NOSUID. 
(Stephen Smalley) [Orabug: 20930501]\n (CVE-2014-3215)\n\n - IB/core: Prevent integer overflow in ib_umem_get address\n arithmetic (Shachar Raindel) [Orabug: 20799875]\n (CVE-2014-8159) (CVE-2014-8159)", "edition": 28, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-05-15T00:00:00", "title": "OracleVM 3.3 : kernel-uek (OVMSA-2015-0060)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3215", "CVE-2014-9529", "CVE-2015-3331", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-2150", "CVE-2014-8171"], "modified": "2015-05-15T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.3", "p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware"], "id": "ORACLEVM_OVMSA-2015-0060.NASL", "href": "https://www.tenable.com/plugins/nessus/83485", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0060.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83485);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-8171\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2015-2150\", \"CVE-2015-3331\");\n script_bugtraq_id(67341, 71880, 71883, 73014, 73060, 74235, 74293);\n\n script_name(english:\"OracleVM 3.3 : kernel-uek (OVMSA-2015-0060)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - crypto: aesni\n\n - fix memory usage in GCM decryption (Stephan Mueller)\n [Orabug: 21077385] 
(CVE-2015-3331)\n\n - xen/pciback: Don't disable PCI_COMMAND on PCI device\n reset. (Konrad Rzeszutek Wilk) [Orabug: 20807438]\n (CVE-2015-2150)\n\n - xen-blkfront: fix accounting of reqs when migrating\n (Roger Pau Monne) [Orabug: 20860817]\n\n - Doc/cpu-hotplug: Specify race-free way to register CPU\n hotplug callbacks (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - net/iucv/iucv.c: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - net/core/flow.c: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - mm, vmstat: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697] \n\n - profile: Fix CPU hotplug callback registration (Srivatsa\n S. Bhat) \n\n - trace, ring-buffer: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - hwmon, via-cputemp: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) \n\n - hwmon, coretemp: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - octeon, watchdog: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - oprofile, nmi-timer: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - intel-idle: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - drivers/base/topology.c: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - acpi-cpufreq: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - scsi, fcoe: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697] \n\n - scsi, bnx2fc: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - scsi, bnx2i: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - arm64, debug-monitors: Fix CPU hotplug callback\n registration (Srivatsa S. 
Bhat) [Orabug: 20917697]\n\n - arm64, hw_breakpoint.c: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, kvm: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, oprofile, nmi: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, pci, amd-bus: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, hpet: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, intel, cacheinfo: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, amd, ibs: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, therm_throt.c: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, mce: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, intel, uncore: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, vsyscall: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, cpuid: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, msr: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - powerpc, sysfs: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) \n\n - sparc, sysfs: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - s390, smp: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - s390, cacheinfo: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) \n\n - arm, hw-breakpoint: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - ia64, err-inject: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - ia64, topology: Fix CPU hotplug callback registration\n (Srivatsa S. 
Bhat) [Orabug: 20917697]\n\n - ia64, palinfo: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - CPU hotplug, perf: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - CPU hotplug: Provide lockless versions of callback\n registration functions (Srivatsa S. Bhat) [Orabug:\n 20917697]\n\n - isofs: Fix unchecked printing of ER records (Jan Kara)\n [Orabug: 20930551] (CVE-2014-9584)\n\n - KEYS: close race between key lookup and freeing (Sasha\n Levin) [Orabug: 20930548] (CVE-2014-9529)\n (CVE-2014-9529)\n\n - mm: memcg: do not allow task about to OOM kill to bypass\n the limit (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: do not declare OOM from __GFP_NOFAIL\n allocations (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - fs: buffer: move allocation failure loop into the\n allocator (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: handle non-error OOM situations more\n gracefully (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: do not trap chargers with full callstack on\n OOM (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: rework and document OOM waiting and wakeup\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: enable memcg OOM killer only for user faults\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - x86: finish user fault error path with fatal signal\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - arch: mm: pass userspace fault flag to generic fault\n handler (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - selinux: Permit bounded transitions under NO_NEW_PRIVS\n or NOSUID. 
(Stephen Smalley) [Orabug: 20930501]\n (CVE-2014-3215)\n\n - IB/core: Prevent integer overflow in ib_umem_get address\n arithmetic (Shachar Raindel) [Orabug: 20799875]\n (CVE-2014-8159) (CVE-2014-8159)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2015-May/000311.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-68.2.2.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-68.2.2.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:22", "description": "Description of changes:\n\nkernel-uek\n[3.8.13-68.2.2.el7uek]\n\n* crypto: aesni\n\n* fix memory usage in GCM decryption (Stephan Mueller) \n[Orabug: 21077385] {CVE-2015-3331}\n\n[3.8.13-68.2.1.el7uek]\n\n* xen/pciback: Don't disable PCI_COMMAND on PCI device reset. 
(Konrad \nRzeszutek Wilk) [Orabug: 20807438] {CVE-2015-2150}\n\n* xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) \n [Orabug: 20860817]\n\n* Doc/cpu-hotplug: Specify race-free way to \nregister CPU hotplug callbacks (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \nnet/iucv/iucv.c: Fix CPU hotplug callback registration (Srivatsa S. \nBhat) [Orabug: 20917697]\n\n* net/core/flow.c: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* mm, vmstat: Fix \nCPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n\n* profile: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n[Orabug: 20917697]\n\n* trace, ring-buffer: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* hwmon, \nvia-cputemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n[Orabug: 20917697]\n\n* hwmon, coretemp: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* octeon, watchdog: \nFix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: \n20917697]\n\n* oprofile, nmi-timer: Fix CPU hotplug callback registration \n(Srivatsa S. Bhat) [Orabug: 20917697]\n\n* intel-idle: Fix CPU hotplug \ncallback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \ndrivers/base/topology.c: Fix CPU hotplug callback registration (Srivatsa \nS. Bhat) [Orabug: 20917697]\n\n* acpi-cpufreq: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* scsi, fcoe: Fix \nCPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n\n* scsi, bnx2fc: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n [Orabug: 20917697]\n\n* scsi, bnx2i: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* arm64, \ndebug-monitors: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n [Orabug: 20917697]\n\n* arm64, hw_breakpoint.c: Fix CPU hotplug callback \nregistration (Srivatsa S. 
Bhat) [Orabug: 20917697]\n\n* x86, kvm: Fix CPU \nhotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \nx86, oprofile, nmi: Fix CPU hotplug callback registration (Srivatsa S. \nBhat) [Orabug: 20917697]\n\n* x86, pci, amd-bus: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* x86, hpet: Fix CPU \nhotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \nx86, intel, cacheinfo: Fix CPU hotplug callback registration (Srivatsa \nS. Bhat) [Orabug: 20917697]\n\n* x86, amd, ibs: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* x86, \ntherm_throt.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n [Orabug: 20917697]\n\n* x86, mce: Fix CPU hotplug callback registration \n(Srivatsa S. Bhat) [Orabug: 20917697]\n\n* x86, intel, uncore: Fix CPU \nhotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \nx86, vsyscall: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n [Orabug: 20917697]\n\n* x86, cpuid: Fix CPU hotplug callback registration \n(Srivatsa S. Bhat) [Orabug: 20917697]\n\n* x86, msr: Fix CPU hotplug \ncallback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* powerpc, \nsysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n[Orabug: 20917697]\n\n* sparc, sysfs: Fix CPU hotplug callback registration \n(Srivatsa S. Bhat) [Orabug: 20917697]\n\n* s390, smp: Fix CPU hotplug \ncallback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* s390, \ncacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n[Orabug: 20917697]\n\n* arm, hw-breakpoint: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* ia64, err-inject: \nFix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: \n20917697]\n\n* ia64, topology: Fix CPU hotplug callback registration \n(Srivatsa S. Bhat) [Orabug: 20917697]\n\n* ia64, palinfo: Fix CPU hotplug \ncallback registration (Srivatsa S. 
Bhat) [Orabug: 20917697]\n\n* CPU \nhotplug, perf: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n [Orabug: 20917697]\n\n* CPU hotplug: Provide lockless versions of \ncallback registration functions (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \nisofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: \n20930551] {CVE-2014-9584}\n\n* KEYS: close race between key lookup and freeing (Sasha Levin) \n[Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529}\n\n* mm: memcg: do not allow task about to OOM kill to bypass the limit \n(Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* fs: buffer: move allocation failure loop into the allocator (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* mm: memcg: handle non-error OOM situations more gracefully (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* mm: memcg: do not trap chargers with full callstack on OOM (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* mm: memcg: rework and document OOM waiting and wakeup (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* mm: memcg: enable memcg OOM killer only for user faults (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* x86: finish user fault error path with fatal signal (Johannes Weiner) \n [Orabug: 20930539] {CVE-2014-8171}\n\n* arch: mm: pass userspace fault flag to generic fault handler (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. 
\n(Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215}\n\n* IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} {CVE-2014-8159}", "edition": 25, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-05-14T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3035)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3215", "CVE-2014-9529", "CVE-2015-3331", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-2150", "CVE-2014-8171"], "modified": "2015-05-14T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.2.2.el7uek", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.2.2.el6uek"], "id": "ORACLELINUX_ELSA-2015-3035.NASL", "href": "https://www.tenable.com/plugins/nessus/83448", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3035.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83448);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-8171\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2015-2150\", \"CVE-2015-3331\");\n script_bugtraq_id(67341, 71880, 71883, 73014, 73060, 74235, 74293);\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3035)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[3.8.13-68.2.2.el7uek]\n\n* crypto: aesni\n\n* fix memory usage in GCM decryption (Stephan Mueller) \n[Orabug: 21077385] {CVE-2015-3331}\n\n[3.8.13-68.2.1.el7uek]\n\n* xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad \nRzeszutek Wilk) [Orabug: 20807438] {CVE-2015-2150}\n\n* xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) \n [Orabug: 20860817]\n\n* Doc/cpu-hotplug: Specify race-free way to \nregister CPU hotplug callbacks (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \nnet/iucv/iucv.c: Fix CPU hotplug callback registration (Srivatsa S. \nBhat) [Orabug: 20917697]\n\n* net/core/flow.c: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* mm, vmstat: Fix \nCPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n\n* profile: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n[Orabug: 20917697]\n\n* trace, ring-buffer: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* hwmon, \nvia-cputemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n[Orabug: 20917697]\n\n* hwmon, coretemp: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* octeon, watchdog: \nFix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: \n20917697]\n\n* oprofile, nmi-timer: Fix CPU hotplug callback registration \n(Srivatsa S. Bhat) [Orabug: 20917697]\n\n* intel-idle: Fix CPU hotplug \ncallback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \ndrivers/base/topology.c: Fix CPU hotplug callback registration (Srivatsa \nS. Bhat) [Orabug: 20917697]\n\n* acpi-cpufreq: Fix CPU hotplug callback \nregistration (Srivatsa S. 
Bhat) [Orabug: 20917697]\n\n* scsi, fcoe: Fix \nCPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n\n* scsi, bnx2fc: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n [Orabug: 20917697]\n\n* scsi, bnx2i: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* arm64, \ndebug-monitors: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n [Orabug: 20917697]\n\n* arm64, hw_breakpoint.c: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* x86, kvm: Fix CPU \nhotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \nx86, oprofile, nmi: Fix CPU hotplug callback registration (Srivatsa S. \nBhat) [Orabug: 20917697]\n\n* x86, pci, amd-bus: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* x86, hpet: Fix CPU \nhotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \nx86, intel, cacheinfo: Fix CPU hotplug callback registration (Srivatsa \nS. Bhat) [Orabug: 20917697]\n\n* x86, amd, ibs: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* x86, \ntherm_throt.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n [Orabug: 20917697]\n\n* x86, mce: Fix CPU hotplug callback registration \n(Srivatsa S. Bhat) [Orabug: 20917697]\n\n* x86, intel, uncore: Fix CPU \nhotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \nx86, vsyscall: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n [Orabug: 20917697]\n\n* x86, cpuid: Fix CPU hotplug callback registration \n(Srivatsa S. Bhat) [Orabug: 20917697]\n\n* x86, msr: Fix CPU hotplug \ncallback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* powerpc, \nsysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n[Orabug: 20917697]\n\n* sparc, sysfs: Fix CPU hotplug callback registration \n(Srivatsa S. Bhat) [Orabug: 20917697]\n\n* s390, smp: Fix CPU hotplug \ncallback registration (Srivatsa S. 
Bhat) [Orabug: 20917697]\n\n* s390, \ncacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n[Orabug: 20917697]\n\n* arm, hw-breakpoint: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* ia64, err-inject: \nFix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: \n20917697]\n\n* ia64, topology: Fix CPU hotplug callback registration \n(Srivatsa S. Bhat) [Orabug: 20917697]\n\n* ia64, palinfo: Fix CPU hotplug \ncallback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* CPU \nhotplug, perf: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n [Orabug: 20917697]\n\n* CPU hotplug: Provide lockless versions of \ncallback registration functions (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \nisofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: \n20930551] {CVE-2014-9584}\n\n* KEYS: close race between key lookup and freeing (Sasha Levin) \n[Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529}\n\n* mm: memcg: do not allow task about to OOM kill to bypass the limit \n(Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* fs: buffer: move allocation failure loop into the allocator (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* mm: memcg: handle non-error OOM situations more gracefully (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* mm: memcg: do not trap chargers with full callstack on OOM (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* mm: memcg: rework and document OOM waiting and wakeup (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* mm: memcg: enable memcg OOM killer only for user faults (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* x86: finish user fault error path with fatal signal (Johannes Weiner) \n [Orabug: 20930539] {CVE-2014-8171}\n\n* arch: mm: pass userspace fault flag to generic fault handler (Johannes 
\nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215}\n\n* IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} {CVE-2014-8159}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005070.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.2.2.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.2.2.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-8171\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2015-2150\", \"CVE-2015-3331\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3035\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.8\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-68.2.2.el6uek-0.4.3-4.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-68.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-68.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-68.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", 
rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-68.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-68.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-68.2.2.el6uek\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-68.2.2.el7uek-0.4.3-4.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-68.2.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-68.2.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-68.2.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-68.2.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-68.2.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-68.2.2.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:21", "description": "Description of changes:\n\n[2.6.39-400.249.3.el6uek]\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n\n[2.6.39-400.249.2.el6uek]\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}", "edition": 23, "published": "2015-04-01T00:00:00", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3020)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1421", "CVE-2014-8159", "CVE-2015-2150"], "modified": "2015-04-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2015-3020.NASL", "href": "https://www.tenable.com/plugins/nessus/82490", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3020.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82490);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\", \"CVE-2015-2150\");\n script_bugtraq_id(72356, 73014, 73060);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3020)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.249.3.el6uek]\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n\n[2.6.39-400.249.2.el6uek]\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004961.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004962.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8159\", \"CVE-2015-1421\", \"CVE-2015-2150\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3020\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-400.249.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-400.249.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-400.249.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-400.249.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.39-400.249.3.el5uek\")) flag++;\nif 
(rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-400.249.3.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.249.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.249.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.249.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.249.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.249.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.249.3.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:20", "description": "Description of changes:\n\nkernel-uek\n[3.8.13-68.1.2.el7uek]\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} {CVE-2014-8159}\n\n[3.8.13-68.1.1.el7uek]\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20697017] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) 
[Orabug: 20780347] {CVE-2015-1421}", "edition": 23, "published": "2015-04-02T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3019)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1421", "CVE-2014-8159", "CVE-2015-2150"], "modified": "2015-04-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.1.2.el7uek", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.1.2.el6uek", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2015-3019.NASL", "href": "https://www.tenable.com/plugins/nessus/82518", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3019.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82518);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\", \"CVE-2015-2150\");\n script_bugtraq_id(72356, 73014, 73060);\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3019)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[3.8.13-68.1.2.el7uek]\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} 
{CVE-2014-8159}\n\n[3.8.13-68.1.1.el7uek]\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20697017] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) [Orabug: 20780347] {CVE-2015-1421}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/004975.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/004976.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.1.2.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.1.2.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8159\", \"CVE-2015-1421\", \"CVE-2015-2150\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3019\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.8\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-68.1.2.el6uek-0.4.3-4.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-68.1.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-68.1.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-68.1.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", 
reference:\"kernel-uek-devel-3.8.13-68.1.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-68.1.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-68.1.2.el6uek\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-68.1.2.el7uek-0.4.3-4.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-68.1.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-68.1.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-68.1.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-68.1.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-68.1.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-68.1.2.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:22", "description": 
"Description of changes:\n\nkernel-uek\n[2.6.32-400.37.4.el6uek]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: \n20930553] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930519] {CVE-2014-3215}", "edition": 23, "published": "2015-04-24T00:00:00", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3034)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3215", "CVE-2014-9584"], "modified": "2015-04-24T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.4.el5uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.4.el6uekdebug", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.4.el5uekdebug", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.4.el5uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.4.el6uek", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.4.el6uekdebug", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.4.el5uek", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.4.el6uek", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2015-3034.NASL", "href": "https://www.tenable.com/plugins/nessus/83047", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3034.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83047);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n 
script_cve_id(\"CVE-2014-3215\", \"CVE-2014-9584\");\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3034)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[2.6.32-400.37.4.el6uek]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: \n20930553] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930519] {CVE-2014-3215}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/005020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/005021.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.4.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.4.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.4.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.4.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.4.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.4.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.4.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.4.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3215\", \"CVE-2014-9584\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3034\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.32-400.37.4.el5uek\")) flag++;\nif 
(rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mlnx_en-2.6.32-400.37.4.el5uek-1.5.7-2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mlnx_en-2.6.32-400.37.4.el5uekdebug-1.5.7-2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ofa-2.6.32-400.37.4.el5uek-1.5.1-4.0.58\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ofa-2.6.32-400.37.4.el5uekdebug-1.5.1-4.0.58\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mlnx_en-2.6.32-400.37.4.el6uek-1.5.7-0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mlnx_en-2.6.32-400.37.4.el6uekdebug-1.5.7-0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ofa-2.6.32-400.37.4.el6uek-1.5.1-4.0.58\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ofa-2.6.32-400.37.4.el6uekdebug-1.5.1-4.0.58\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, 
extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:21", "description": "Description of changes:\n\n[2.6.39-400.249.4.el6uek]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: \n20930552] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}", "edition": 23, "published": "2015-04-24T00:00:00", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3033)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3215", "CVE-2014-9584"], "modified": "2015-04-24T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2015-3033.NASL", "href": "https://www.tenable.com/plugins/nessus/83046", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3033.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83046);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-9584\");\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel 
(ELSA-2015-3033)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.249.4.el6uek]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: \n20930552] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/005018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/005019.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3215\", \"CVE-2014-9584\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3033\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-400.249.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-400.249.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-400.249.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-400.249.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.39-400.249.4.el5uek\")) flag++;\nif 
(rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-400.249.4.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.249.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.249.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.249.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.249.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.249.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.249.4.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:13:33", "description": "Update to latest upstream 4.0 release, Linux v4.0-rc4. This also\nshould fix some aarch64 hangs and builds with variant set. UEFI ESRT\nsupport is added.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-03-25T00:00:00", "title": "Fedora 22 : kernel-4.0.0-0.rc4.git0.1.fc22 (2015-4066)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8159", "CVE-2015-2150"], "modified": "2015-03-25T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-4066.NASL", "href": "https://www.tenable.com/plugins/nessus/82056", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-4066.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82056);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-2150\");\n script_bugtraq_id(73014, 73060);\n script_xref(name:\"FEDORA\", value:\"2015-4066\");\n\n script_name(english:\"Fedora 22 : kernel-4.0.0-0.rc4.git0.1.fc22 (2015-4066)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream 4.0 release, Linux v4.0-rc4. This also\nshould fix some aarch64 hangs and builds with variant set. UEFI ESRT\nsupport is added.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1181166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1196266\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5640de0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"kernel-4.0.0-0.rc4.git0.1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:49:52", "description": "From Red Hat Security Advisory 2015:0726 :\n\nUpdated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions\nfrom user space via the (u)verbs API. 
A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system\nor, potentially, escalate their privileges on the system.\n(CVE-2014-8159, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during\nINIT collisions. A remote attacker could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2015-1421, Important)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159\nissue. The CVE-2015-1421 issue was discovered by Sun Baoliang of Red\nHat.\n\nThis update also fixes the following bugs :\n\n* In certain systems with multiple CPUs, when a crash was triggered on\none CPU with an interrupt handler and this CPU sent Non-Maskable\nInterrupt (NMI) to another CPU, and, at the same time, ioapic_lock had\nalready been acquired, a deadlock occurred in ioapic_lock. As a\nconsequence, the kdump service could become unresponsive. This bug has\nbeen fixed and kdump now works as expected. (BZ#1197742)\n\n* On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the\nthinkpad_acpi module was not properly loaded, and thus the function\nkeys and radio switches did not work. This update applies a new string\npattern of BIOS version, which fixes this bug, and function keys and\nradio switches now work as intended. (BZ#1197743)\n\n* During a heavy file system load involving many worker threads, all\nworker threads in the pool became blocked on a resource, and no\nmanager thread existed to create more workers. As a consequence, the\nrunning processes became unresponsive. With this update, the logic\naround manager creation has been changed to assure that the last\nworker thread becomes a manager thread and does not start executing\nwork items. Now, a manager thread exists, spawns new workers as\nneeded, and processes no longer hang. 
(BZ#1197744)\n\n* If a thin-pool's metadata enters read-only or fail mode, for\nexample, due to thin-pool running out of metadata or data space, any\nattempt to make metadata changes such as creating a thin device or\nsnapshot thin device should error out cleanly. However, previously,\nthe kernel code returned verbose and alarming error messages to the\nuser. With this update, due to early trapping of attempt to make\nmetadata changes, informative errors are displayed, no longer\nunnecessarily alarming the user. (BZ#1197745)\n\n* When running Red Hat Enterprise Linux as a guest on Microsoft\nHyper-V hypervisor, the storvsc module did not return the correct\nerror code for the upper level Small Computer System Interface (SCSI)\nsubsystem. As a consequence, a SCSI command failed and storvsc did not\nhandle such a failure properly under some conditions, for example,\nwhen RAID devices were created on top of storvsc devices. An upstream\npatch has been applied to fix this bug, and storvsc now returns the\ncorrect error code in the described situation. (BZ#1197749)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
The system\nmust be rebooted for this update to take effect.", "edition": 25, "published": "2015-03-27T00:00:00", "title": "Oracle Linux 7 : kernel (ELSA-2015-0726)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1421", "CVE-2014-8159"], "modified": "2015-03-27T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2015-0726.NASL", "href": "https://www.tenable.com/plugins/nessus/82287", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0726 and \n# Oracle Linux Security Advisory ELSA-2015-0726 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82287);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\");\n script_bugtraq_id(72356, 73060);\n script_xref(name:\"RHSA\", value:\"2015:0726\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2015-0726)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0726 :\n\nUpdated kernel packages that fix two security issues and 
several bugs\nare now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions\nfrom user space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system\nor, potentially, escalate their privileges on the system.\n(CVE-2014-8159, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during\nINIT collisions. A remote attacker could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2015-1421, Important)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159\nissue. The CVE-2015-1421 issue was discovered by Sun Baoliang of Red\nHat.\n\nThis update also fixes the following bugs :\n\n* In certain systems with multiple CPUs, when a crash was triggered on\none CPU with an interrupt handler and this CPU sent Non-Maskable\nInterrupt (NMI) to another CPU, and, at the same time, ioapic_lock had\nalready been acquired, a deadlock occurred in ioapic_lock. As a\nconsequence, the kdump service could become unresponsive. This bug has\nbeen fixed and kdump now works as expected. (BZ#1197742)\n\n* On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the\nthinkpad_acpi module was not properly loaded, and thus the function\nkeys and radio switches did not work. 
This update applies a new string\npattern of BIOS version, which fixes this bug, and function keys and\nradio switches now work as intended. (BZ#1197743)\n\n* During a heavy file system load involving many worker threads, all\nworker threads in the pool became blocked on a resource, and no\nmanager thread existed to create more workers. As a consequence, the\nrunning processes became unresponsive. With this update, the logic\naround manager creation has been changed to assure that the last\nworker thread becomes a manager thread and does not start executing\nwork items. Now, a manager thread exists, spawns new workers as\nneeded, and processes no longer hang. (BZ#1197744)\n\n* If a thin-pool's metadata enters read-only or fail mode, for\nexample, due to thin-pool running out of metadata or data space, any\nattempt to make metadata changes such as creating a thin device or\nsnapshot thin device should error out cleanly. However, previously,\nthe kernel code returned verbose and alarming error messages to the\nuser. With this update, due to early trapping of attempt to make\nmetadata changes, informative errors are displayed, no longer\nunnecessarily alarming the user. (BZ#1197745)\n\n* When running Red Hat Enterprise Linux as a guest on Microsoft\nHyper-V hypervisor, the storvsc module did not return the correct\nerror code for the upper level Small Computer System Interface (SCSI)\nsubsystem. As a consequence, a SCSI command failed and storvsc did not\nhandle such a failure properly under some conditions, for example,\nwhen RAID devices were created on top of storvsc devices. An upstream\npatch has been applied to fix this bug, and storvsc now returns the\ncorrect error code in the described situation. (BZ#1197749)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004952.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2015/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8159\", \"CVE-2015-1421\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-0726\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.10\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-abi-whitelists-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", 
reference:\"kernel-devel-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-doc-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-headers-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-229.1.2.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T05:34:29", "description": "Updated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions\nfrom user space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system\nor, potentially, escalate their privileges on the system.\n(CVE-2014-8159, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during\nINIT collisions. A remote attacker could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2015-1421, Important)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159\nissue. The CVE-2015-1421 issue was discovered by Sun Baoliang of Red\nHat.\n\nThis update also fixes the following bugs :\n\n* In certain systems with multiple CPUs, when a crash was triggered on\none CPU with an interrupt handler and this CPU sent Non-Maskable\nInterrupt (NMI) to another CPU, and, at the same time, ioapic_lock had\nalready been acquired, a deadlock occurred in ioapic_lock. As a\nconsequence, the kdump service could become unresponsive. This bug has\nbeen fixed and kdump now works as expected. (BZ#1197742)\n\n* On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the\nthinkpad_acpi module was not properly loaded, and thus the function\nkeys and radio switches did not work. This update applies a new string\npattern of BIOS version, which fixes this bug, and function keys and\nradio switches now work as intended. 
(BZ#1197743)\n\n* During a heavy file system load involving many worker threads, all\nworker threads in the pool became blocked on a resource, and no\nmanager thread existed to create more workers. As a consequence, the\nrunning processes became unresponsive. With this update, the logic\naround manager creation has been changed to ensure that the last\nworker thread becomes a manager thread and does not start executing\nwork items. Now, a manager thread exists, spawns new workers as\nneeded, and processes no longer hang. (BZ#1197744)\n\n* If a thin-pool's metadata enters read-only or fail mode, for\nexample, due to the thin-pool running out of metadata or data space, any\nattempt to make metadata changes such as creating a thin device or\nsnapshot thin device should error out cleanly. However, previously,\nthe kernel code returned verbose and alarming error messages to the\nuser. With this update, attempts to make metadata changes are trapped\nearly and informative errors are displayed, so the user is no longer\nunnecessarily alarmed. (BZ#1197745)\n\n* When running Red Hat Enterprise Linux as a guest on the Microsoft\nHyper-V hypervisor, the storvsc module did not return the correct\nerror code for the upper level Small Computer System Interface (SCSI)\nsubsystem. As a consequence, a SCSI command failed and storvsc did not\nhandle such a failure properly under some conditions, for example,\nwhen RAID devices were created on top of storvsc devices. An upstream\npatch has been applied to fix this bug, and storvsc now returns the\ncorrect error code in the described situation. (BZ#1197749)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
The system\nmust be rebooted for this update to take effect.", "edition": 31, "published": "2015-03-27T00:00:00", "title": "RHEL 7 : kernel (RHSA-2015:0726)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1421", "CVE-2014-8159"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc"], "id": "REDHAT-RHSA-2015-0726.NASL", "href": "https://www.tenable.com/plugins/nessus/82290", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# 
extracted from Red Hat Security Advisory RHSA-2015:0726. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82290);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\");\n script_xref(name:\"RHSA\", value:\"2015:0726\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2015:0726)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions\nfrom user space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system\nor, potentially, escalate their privileges on the system.\n(CVE-2014-8159, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during\nINIT collisions. A remote attacker could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2015-1421, Important)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159\nissue. 
The CVE-2015-1421 issue was discovered by Sun Baoliang of Red\nHat.\n\nThis update also fixes the following bugs :\n\n* In certain systems with multiple CPUs, when a crash was triggered on\none CPU with an interrupt handler and this CPU sent Non-Maskable\nInterrupt (NMI) to another CPU, and, at the same time, ioapic_lock had\nalready been acquired, a deadlock occurred in ioapic_lock. As a\nconsequence, the kdump service could become unresponsive. This bug has\nbeen fixed and kdump now works as expected. (BZ#1197742)\n\n* On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the\nthinkpad_acpi module was not properly loaded, and thus the function\nkeys and radio switches did not work. This update applies a new string\npattern of BIOS version, which fixes this bug, and function keys and\nradio switches now work as intended. (BZ#1197743)\n\n* During a heavy file system load involving many worker threads, all\nworker threads in the pool became blocked on a resource, and no\nmanager thread existed to create more workers. As a consequence, the\nrunning processes became unresponsive. With this update, the logic\naround manager creation has been changed to assure that the last\nworker thread becomes a manager thread and does not start executing\nwork items. Now, a manager thread exists, spawns new workers as\nneeded, and processes no longer hang. (BZ#1197744)\n\n* If a thin-pool's metadata enters read-only or fail mode, for\nexample, due to thin-pool running out of metadata or data space, any\nattempt to make metadata changes such as creating a thin device or\nsnapshot thin device should error out cleanly. However, previously,\nthe kernel code returned verbose and alarming error messages to the\nuser. With this update, due to early trapping of attempt to make\nmetadata changes, informative errors are displayed, no longer\nunnecessarily alarming the user. 
(BZ#1197745)\n\n* When running Red Hat Enterprise Linux as a guest on Microsoft\nHyper-V hypervisor, the storvsc module did not return the correct\nerror code for the upper level Small Computer System Interface (SCSI)\nsubsystem. As a consequence, a SCSI command failed and storvsc did not\nhandle such a failure properly under some conditions, for example,\nwhen RAID devices were created on top of storvsc devices. An upstream\npatch has been applied to fix this bug, and storvsc now returns the\ncorrect error code in the described situation. (BZ#1197749)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1421\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8159\", \"CVE-2015-1421\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2015:0726\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0726\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if 
(rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"kernel-tools-libs-devel-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T05:34:29", "description": "Updated kernel-rt packages that fix two security issues and several\nbugs are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions\nfrom user space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system\nor, potentially, escalate their privileges on the system.\n(CVE-2014-8159, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during\nINIT collisions. A remote attacker could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2015-1421, Important)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159\nissue. The CVE-2015-1421 issue was discovered by Sun Baoliang of Red\nHat.\n\nThe kernel-rt packages have been upgraded to version 3.10.0-229.1.2,\nwhich provides a number of bug fixes over the previous version,\nincluding:\n\n* The kdump service could become unresponsive due to a deadlock in the\nkernel call ioapic_lock.\n\n* Attempts to make metadata changes such as creating a thin device or\nsnapshot thin device did not error out cleanly.\n\n(BZ#1203359)\n\nAll kernel-rt users are advised to upgrade to these updated packages,\nwhich correct these issues. 
The system must be rebooted for this\nupdate to take effect.", "edition": 29, "published": "2015-04-01T00:00:00", "title": "RHEL 7 : kernel-rt (RHSA-2015:0727)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1421", "CVE-2014-8159"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"], "id": "REDHAT-RHSA-2015-0727.NASL", "href": "https://www.tenable.com/plugins/nessus/82493", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0727. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82493);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\");\n script_xref(name:\"RHSA\", value:\"2015:0727\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2015:0727)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel-rt packages that fix two security issues and several\nbugs are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions\nfrom user space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system\nor, potentially, escalate their privileges on the system.\n(CVE-2014-8159, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during\nINIT collisions. A remote attacker could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2015-1421, Important)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159\nissue. 
The CVE-2015-1421 issue was discovered by Sun Baoliang of Red\nHat.\n\nThe kernel-rt packages have been upgraded to version 3.10.0-229.1.2,\nwhich provides a number of bug fixes over the previous version,\nincluding :\n\n* The kdump service could become unresponsive due to a deadlock in the\nkernel call ioapic_lock.\n\n* Attempt to make metadata changes such as creating a thin device or\nsnapshot thin device did not error out cleanly.\n\n(BZ#1203359)\n\nAll kernel-rt users are advised to upgrade to these updated packages,\nwhich correct these issues. The system must be rebooted for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1421\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8159\", \"CVE-2015-1421\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2015:0727\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0727\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red 
Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-229.1.2.rt56.141.2.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-229.1.2.rt56.141.2.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-229.1.2.rt56.141.2.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-229.1.2.rt56.141.2.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-229.1.2.rt56.141.2.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-229.1.2.rt56.141.2.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-229.1.2.rt56.141.2.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-229.1.2.rt56.141.2.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-229.1.2.rt56.141.2.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-229.1.2.rt56.141.2.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-229.1.2.rt56.141.2.el7_1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2019-04-11T19:14:37", "bulletinFamily": "software", 
"cvelist": ["CVE-2014-9584"], "description": "\nF5 Product Development has assigned ID 505678 (BIG-IP), ID 525389 (BIG-IQ), ID 525390 (Enterprise Manager), and INSTALLER-1299 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H17245 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.0| None| Low| Linux subsystem \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.0| None| Low| Linux subsystem \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.0| None| Low| Linux subsystem \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP DNS| 12.0.0| None| Low| Linux subsystem \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP GTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.0| None| Low| Linux subsystem \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 
3.1.1| None| Low| Linux subsystem \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| Linux subsystem \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| Linux subsystem \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| Linux subsystem \nBIG-IQ ADC| 4.5.0| None| Low| Linux subsystem \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Low| Linux subsystem \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, you should limit system access to only trusted users. 
\n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2017-04-06T19:19:00", "published": "2015-09-08T22:22:00", "id": "F5:K17245", "href": "https://support.f5.com/csp/article/K17245", "title": "Linux kernel vulnerability CVE-2014-9584", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-03-19T09:01:40", "bulletinFamily": "software", "cvelist": ["CVE-2014-9584"], "edition": 1, "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should limit system access to only trusted users. 
\n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-09-08T00:00:00", "published": "2015-09-08T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/200/sol17245.html", "id": "SOL17245", "title": "SOL17245 - Linux kernel vulnerability CVE-2014-9584", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-10-12T02:11:15", "bulletinFamily": "software", "cvelist": ["CVE-2015-3331"], "edition": 1, "description": " \n\n\nThe __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. ([CVE-2015-3331](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3331>)) \n\n\nImpact \n\n\nThis vulnerability may allow attackers to cause a denial-of-service (buffer overflow and system crash) or possibly execute arbitrary code. \n\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. 
The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K10322: FirePass hotfix matrix](<https://support.f5.com/csp/article/K10322>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "modified": "2016-01-09T02:23:00", "published": "2015-06-30T06:17:00", "id": "F5:K16819", "href": "https://support.f5.com/csp/article/K16819", "title": "Linux kernel vulnerability CVE-2015-3331", "type": "f5", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-07-18T15:42:49", "bulletinFamily": "software", "cvelist": ["CVE-2015-2150"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions 
known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None \n| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \n \nBIG-IP AAM | None | 12.0.0 \n11.4.0 - 11.6.0 \n| Not vulnerable | None \n \nBIG-IP AFM | None | 12.0.0 \n11.3.0 - 11.6.0 \n| Not vulnerable | None \n \nBIG-IP Analytics | None | 12.0.0 \n11.0.0 - 11.6.0 \n| Not vulnerable | None \n \nBIG-IP APM | None | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \n \nBIG-IP ASM | None | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP DNS | None \n| 12.0.0 \n| Not vulnerable | None \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \n \nBIG-IP GTM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \n \nBIG-IP Link Controller | None | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \n \nBIG-IP PEM | None | 12.0.0 \n11.3.0 - 11.6.0 \n| Not vulnerable \n| None \n \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP WebAccelerator | None \n| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \n \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nARX | None | 6.0.0 - 6.4.0 \n| Not vulnerable \n| None \n \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n| Not vulnerable | None \n \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 \n| Not vulnerable | None \n \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 \n| Not vulnerable | None \n \nBIG-IQ Device | None | 4.2.0 - 4.5.0 \n| Not vulnerable | None \n \nBIG-IQ Security | None | 4.0.0 - 4.5.0 \n| Not vulnerable \n| None \n \nBIG-IQ ADC | None | 4.5.0 \n| Not vulnerable | None \n \nLineRate | None | 2.5.0 - 2.6.1 \n| Not vulnerable | None \n \nF5 WebSafe | None | 1.0.0 \n| Not vulnerable | None \n \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable \n| None \n\n\nNone\n\n * 
[K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2018-02-06T01:03:00", "published": "2015-11-04T03:45:00", "id": "F5:K17541", "href": "https://support.f5.com/csp/article/K17541", "title": "Linux kernel vulnerability CVE-2015-2150", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2016-09-26T17:22:52", "bulletinFamily": "software", "cvelist": ["CVE-2014-3215"], "edition": 1, "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. 
Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2015-05-11T00:00:00", "published": "2015-05-11T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/500/sol16596.html", "id": "SOL16596", "title": "SOL16596 - Privilege escalation vulnerability CVE-2014-3215", "type": "f5", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:10", "bulletinFamily": "software", "cvelist": ["CVE-2015-3331"], "edition": 1, "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. 
The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL10322: FirePass hotfix matrix\n * SOL12766: ARX hotfix matrix\n", "modified": "2015-06-29T00:00:00", "published": "2015-06-29T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16819.html", "id": "SOL16819", "title": "SOL16819 - Linux kernel vulnerability CVE-2015-3331", "type": "f5", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:19", "bulletinFamily": "software", "cvelist": ["CVE-2015-2150"], "edition": 1, "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-11-03T00:00:00", "published": "2015-11-03T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/500/sol17541.html", "id": "SOL17541", "title": "SOL17541 - Linux kernel vulnerability CVE-2015-2150", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-04-16T04:21:22", "bulletinFamily": "software", 
"cvelist": ["CVE-2015-1421"], "description": "\nF5 Product Development has assigned ID 520183 (BIG-IP), ID 525368 (BIG-IQ), ID 525369 (Enterprise Manager), and INSTALLER-1420 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H17242 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0| Severe*| SCTP kernel module \nBIG-IP AAM| 11.4.0 - 11.6.0| 12.0.0| Severe*| SCTP kernel module \nBIG-IP AFM| 11.3.0 - 11.6.0| 12.0.0| Severe*| SCTP kernel module \nBIG-IP Analytics| 11.0.0 - 11.6.0| 12.0.0| Severe*| SCTP kernel module \nBIG-IP APM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0| Severe*| SCTP kernel module \nBIG-IP ASM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0| Severe*| SCTP kernel module \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Severe*| SCTP kernel module \nBIG-IP GTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Severe*| SCTP kernel module \nBIG-IP Link Controller| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0| Severe*| SCTP kernel module \nBIG-IP PEM| 11.3.0 - 11.6.0| 12.0.0| Severe*| SCTP kernel module \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Severe*| SCTP kernel module \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Severe*| SCTP kernel module \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Severe*| SCTP kernel module \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| 
None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Severe*| SCTP kernel module \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Severe*| SCTP kernel module \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Severe*| SCTP kernel module \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Severe*| SCTP kernel module \nBIG-IQ ADC| 4.5.0| None| Severe*| SCTP kernel module \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| High| SCTP FEP \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\n*The BIG-IP/BIG-IQ/Enterprise Manager software contains vulnerable code (SCTP kernel module), but the code is not enabled by default. Before a remote attacker can exploit this vulnerability, a locally authenticated administrative user must load the vulnerable SCTP kernel module, create a listener (such as self IP) on the control plane, and allow SCTP traffic on this listener. Because of the specific conditions required for exploit, F5 Product Development considers affected BIG-IP/BIG-IQ/Enterprise Manager systems as not vulnerable in a standard configuration and severely vulnerable if the described conditions are met.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. 
The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nBIG-IP/BIG-IQ/Enterprise Manager\n\nIf you must load the vulnerable SCTP kernel module for your environment, F5 recommends that you block upstream traffic to the control plane of the affected systems. To mitigate this vulnerability for an affected system, you should permit access to the management interface, and/or the self IP that exposes SCTP listeners, only over a secure network.\n\nTraffix SDC \n\nTo mitigate this vulnerability for an affected system, you should use iptables rules to limit SCTP access to trusted users only.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2017-04-06T19:15:00", "published": "2015-09-10T03:22:00", "id": "F5:K17242", "href": "https://support.f5.com/csp/article/K17242", "title": "Linux kernel SCTP vulnerability CVE-2015-1421", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-03-19T09:02:05", "bulletinFamily": "software", "cvelist": ["CVE-2015-1421"], "edition": 1, "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\n*The BIG-IP/BIG-IQ/Enterprise Manager software contains vulnerable code (SCTP kernel module), but the code is not enabled by default. 
Before a remote attacker can exploit this vulnerability, a locally authenticated administrative user must load the vulnerable SCTP kernel module, create a listener (such as self IP) on the control plane, and allow SCTP traffic on this listener. Because of the specific conditions required for exploit, F5 Product Development considers affected BIG-IP/BIG-IQ/Enterprise Manager systems as not vulnerable in a standard configuration and severely vulnerable if the described conditions are met.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nBIG-IP/BIG-IQ/Enterprise Manager\n\nIf you must load the vulnerable SCTP kernel module for your environment, F5 recommends that you block upstream traffic to the control plane of the affected systems. 
To mitigate this vulnerability for an affected system, you should permit access to the management interface, and/or the self IP that exposes SCTP listeners, only over a secure network.\n\nTraffix SDC \n\nTo mitigate this vulnerability for an affected system, you should use iptables rules to limit SCTP access to trusted users only.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-09-09T00:00:00", "published": "2015-09-09T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/200/sol17242.html", "id": "SOL17242", "title": "SOL17242 - Linux kernel SCTP vulnerability CVE-2015-1421", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:44", "bulletinFamily": "software", "cvelist": ["CVE-2014-8369", "CVE-2014-8159", "CVE-2014-3601"], "edition": 1, "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. 
Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-04-22T00:00:00", "published": "2015-04-22T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/400/sol16478.html", "id": "SOL16478", "title": "SOL16478 - Linux kernel vulnerabilities CVE-2014-8159 and CVE-2014-8369", "type": "f5", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1421", "CVE-2014-8159", "CVE-2015-2150"], "description": "Oracle Linux Local Security Checks ELSA-2015-3020", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123143", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123143", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3020", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3020.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123143\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:48:27 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3020\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3020 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3020\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3020.html\");\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\", \"CVE-2015-2150\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) 
exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.249.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.249.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.249.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.249.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.249.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.249.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.249.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.249.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.249.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.249.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.249.3.el6uek\", 
rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.249.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1421", "CVE-2014-8159", "CVE-2015-2150"], "description": "Oracle Linux Local Security Checks ELSA-2015-3019", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123144", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123144", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3019", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3019.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123144\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:48:27 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3019\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3019 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3019\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3019.html\");\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\", \"CVE-2015-2150\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = 
isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~68.1.2.el7uek~0.4.3~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~68.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~68.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~68.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~68.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~68.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~68.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~68.1.2.el6uek~0.4.3~4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~68.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~68.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~68.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = 
isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~68.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~68.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~68.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-07T18:45:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1421"], "description": "The remote host is missing a security patch.", "modified": "2020-04-03T00:00:00", "published": "2015-09-18T00:00:00", "id": "OPENVAS:1361412562310105356", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105356", "type": "openvas", "title": "F5 BIG-IP - SOL17242 - Linux kernel SCTP vulnerability CVE-2015-1421", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - SOL17242 - Linux kernel SCTP vulnerability CVE-2015-1421\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105356\");\n script_cve_id(\"CVE-2015-1421\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - SOL17242 - Linux kernel SCTP vulnerability CVE-2015-1421\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/17000/200/sol17242.html?sr=48315147\");\n\n script_tag(name:\"impact\", value:\"Remote attackers may be able to cause a denial-of-service (DoS) attack on an affected system by triggering an INIT collision in the Stream Control Transmission Protocol (SCTP). This vulnerability does not affect SCTP functionality on the data plane, but does affect the SCTP kernel module on the control plane for BIG-IP, BIG-IQ, and Enterprise Manager systems.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. 
(CVE-2015-1421)\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-09-18 14:09:09 +0200 (Fri, 18 Sep 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AAM'] = make_array( 'affected', '11.4.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AFM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AVR'] = make_array( 'affected', '11.0.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['APM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['ASM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['LC'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['PEM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2019-05-29T18:36:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3215", "CVE-2014-9584"], "description": "Oracle Linux Local Security Checks ELSA-2015-3034", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123126", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123126", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3034", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3034.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123126\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:48:12 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3034\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3034 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3034\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3034.html\");\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-9584\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", 
rpm:\"kernel-uek~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.4.el5uek~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.4.el5uekdebug~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.4.el5uek~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.4.el5uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~400.37.4.el6uek\", 
rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.4.el6uek~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.4.el6uekdebug~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.4.el6uek~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.4.el6uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3215", "CVE-2014-9584"], "description": "Oracle Linux Local Security Checks ELSA-2015-3033", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123125", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123125", "type": "openvas", "title": "Oracle Linux Local 
Check: ELSA-2015-3033", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3033.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123125\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:48:12 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3033\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3033 - Unbreakable Enterprise kernel security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3033\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3033.html\");\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-9584\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3331", "CVE-2015-2150"], "description": "Oracle Linux Local Security Checks ELSA-2015-3035", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123113", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123113", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3035", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n# $Id: ELSA-2015-3035.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123113\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:48:03 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3035\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3035 - Unbreakable Enterprise kernel security and bugfix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3035\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3035.html\");\n script_cve_id(\"CVE-2015-2150\", \"CVE-2015-3331\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~68.2.2.el7uek~0.4.3~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~68.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~68.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~68.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~68.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~68.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~68.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~68.2.2.el6uek~0.4.3~4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~68.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~68.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~68.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~68.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~68.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~68.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3331", "CVE-2015-2150"], "description": "Oracle Linux Local Security Checks ELSA-2015-3036", "modified": 
"2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123114", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3036", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3036.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123114\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:48:04 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3036\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3036 - Unbreakable Enterprise kernel security and bugfix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3036\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3036.html\");\n script_cve_id(\"CVE-2015-2150\", \"CVE-2015-3331\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.250.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.250.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.250.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.250.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.250.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.250.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.250.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.250.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.250.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.250.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.250.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.250.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8159", "CVE-2015-2150"], "description": "The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310869595", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869595", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2015-4066", "sourceData": "###############################################################################\n# OpenVAS
Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2015-4066\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869595\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:26:18 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-2150\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2015-4066\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", 
value:\"2015-4066\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.0.0~0.rc4.git0.1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1421", "CVE-2014-8159"], "description": "Check the version of kernel", "modified": "2019-03-08T00:00:00", "published": "2015-04-01T00:00:00", "id": "OPENVAS:1361412562310882145", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882145", "type": "openvas", "title": "CentOS Update for kernel CESA-2015:0726 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2015:0726 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY 
WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882145\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-01 07:23:59 +0200 (Wed, 01 Apr 2015)\");\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2015:0726 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n * It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n * A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. 
A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.\nThe CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes the following bugs:\n\n * In certain systems with multiple CPUs, when a crash was triggered on one\nCPU with an interrupt handler and this CPU sent Non-Maskable Interrupt\n(NMI) to another CPU, and, at the same time, ioapic_lock had already been\nacquired, a deadlock occurred in ioapic_lock. As a consequence, the kdump\nservice could become unresponsive. This bug has been fixed and kdump now\nworks as expected. (BZ#1197742)\n\n * On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the thinkpad_acpi\nmodule was not properly loaded, and thus the function keys and radio\nswitches did not work. This update applies a new string pattern of BIOS\nversion, which fixes this bug, and function keys and radio switches now\nwork as intended. (BZ#1197743)\n\n * During a heavy file system load involving many worker threads, all worker\nthreads in the pool became blocked on a resource, and no manager thread\nexisted to create more workers. As a consequence, the running processes\nbecame unresponsive. With this update, the logic around manager creation\nhas been changed to assure that the last worker thread becomes a manager\nthread and does not start executing work items. Now, a manager thread\nexists, spawns new workers as needed, and processes no longer hang.\n(BZ#1197744)\n\n * If a thin-pool's metadata enters read-only or fail mode, for example, due\nto thin-pool running out of metadata or data space, any attempt to make\nmetadata changes such as creating a thin device or snapshot thin device\nshould error out cleanly. However, previously, the kernel code returned\nverbose and alarming error messages to the user. 
With this update, due to\nearly trapping of attempt to make metadata changes, informative errors are\ndisplayed, no longer unnecessaril ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0726\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-April/021024.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.1.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~229.1.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.1.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~229.1.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.1.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", 
rpm:\"kernel-doc~3.10.0~229.1.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.1.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.1.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.1.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~229.1.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.1.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~229.1.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1421", "CVE-2014-8159"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-03-27T00:00:00", "id": "OPENVAS:1361412562310871343", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871343", "type": "openvas", "title": "RedHat Update for kernel RHSA-2015:0726-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2015:0726-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; 
you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871343\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 06:53:37 +0100 (Fri, 27 Mar 2015)\");\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2015:0726-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n * It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. 
A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n * A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.\nThe CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes the following bugs:\n\n * In certain systems with multiple CPUs, when a crash was triggered on one\nCPU with an interrupt handler and this CPU sent Non-Maskable Interrupt\n(NMI) to another CPU, and, at the same time, ioapic_lock had already been\nacquired, a deadlock occurred in ioapic_lock. As a consequence, the kdump\nservice could become unresponsive. This bug has been fixed and kdump now\nworks as expected. (BZ#1197742)\n\n * On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the thinkpad_acpi\nmodule was not properly loaded, and thus the function keys and radio\nswitches did not work. This update applies a new string pattern of BIOS\nversion, which fixes this bug, and function keys and radio switches now\nwork as intended. (BZ#1197743)\n\n * During a heavy file system load involving many worker threads, all worker\nthreads in the pool became blocked on a resource, and no manager thread\nexisted to create more workers. As a consequence, the running processes\nbecame unresponsive. With this update, the logic around manager creation\nhas been changed to assure that the last worker thread becomes a manager\nthread and does not start executing work items. 
Now, a manager thread\nexists, spawns new workers as needed, and processes no longer hang.\n(BZ#1197744)\n\n * If a thin-pool's metadata enters read-only or fail mode, for example, due\nto thin-pool running out of metadata or data space, any attempt to make\nmetadata changes such as creating a thin device or snapshot thin device\nshould error out cleanly. However, previously, the kernel code returned\nverbose and alarming error messages to the user. With this update, due to\nearly trapping of attempt to make metadata changes, informative errors are\ndis ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0726-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-March/msg00050.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", 
rpm:\"perf-debuginfo~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:06", "bulletinFamily": "software", "cvelist": ["CVE-2014-8159"], "description": "CVE-2014-8159 \u2013 Linux Kernel Infiniband Vulnerability\n\n# Severity\n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 10.04 LTS and 14.04 LTS \n\n# Description\n\nIt was found that the Linux kernel\u2019s Infiniband subsystem did not properly sanitize input parameters while registering memory regions from the userspace via the (u)verbs API. As a result, an unrestricted physical memory access could be achieved. A local user with access to /dev/infiniband/uverbsX could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n\nThe Cloud Foundry team is aware of vulnerable versions of the Linux kernel but has determined that the project is not affected by this vulnerability.\n\n# Affected Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * The Cloud Foundry team is expecting to release a patched BOSH stemcell with an upgraded Linux kernel. We will update this page when it is released. \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry team has determined that the project is not exposed to this vulnerability and therefore does not require any upgrades. 
\n\n# Credit\n\nMellanox\n\n# References\n\n * <http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8159.html>\n * <https://bosh.io/stemcells>\n * <https://github.com/cloudfoundry/cf-release>\n", "edition": 5, "modified": "2015-03-13T00:00:00", "published": "2015-03-13T00:00:00", "id": "CFOUNDRY:E6A4F4CA4992F74F2F0295F1E7A9A5D0", "href": "https://www.cloudfoundry.org/blog/cve-2014-8159/", "title": "CVE-2014-8159 - Linux Kernel Infiniband Vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8159", "CVE-2015-2150"], "description": "The kernel meta package ", "modified": "2015-03-22T04:43:08", "published": "2015-03-22T04:43:08", "id": "FEDORA:64A3560E556B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: kernel-4.0.0-0.rc4.git0.1.fc22", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:37", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8159", "CVE-2015-1421"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. 
(CVE-2015-1421,\nImportant)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.\nThe CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes the following bugs:\n\n* In certain systems with multiple CPUs, when a crash was triggered on one\nCPU with an interrupt handler and this CPU sent Non-Maskable Interrupt\n(NMI) to another CPU, and, at the same time, ioapic_lock had already been\nacquired, a deadlock occurred in ioapic_lock. As a consequence, the kdump\nservice could become unresponsive. This bug has been fixed and kdump now\nworks as expected. (BZ#1197742)\n\n* On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the thinkpad_acpi\nmodule was not properly loaded, and thus the function keys and radio\nswitches did not work. This update applies a new string pattern of BIOS\nversion, which fixes this bug, and function keys and radio switches now\nwork as intended. (BZ#1197743)\n\n* During a heavy file system load involving many worker threads, all worker\nthreads in the pool became blocked on a resource, and no manager thread\nexisted to create more workers. As a consequence, the running processes\nbecame unresponsive. With this update, the logic around manager creation\nhas been changed to assure that the last worker thread becomes a manager\nthread and does not start executing work items. Now, a manager thread\nexists, spawns new workers as needed, and processes no longer hang.\n(BZ#1197744)\n\n* If a thin-pool's metadata enters read-only or fail mode, for example, due\nto thin-pool running out of metadata or data space, any attempt to make\nmetadata changes such as creating a thin device or snapshot thin device\nshould error out cleanly. However, previously, the kernel code returned\nverbose and alarming error messages to the user. With this update, due to\nearly trapping of attempt to make metadata changes, informative errors are\ndisplayed, no longer unnecessarily alarming the user. 
(BZ#1197745)\n\n* When running Red Hat Enterprise Linux as a guest on Microsoft Hyper-V\nhypervisor, the storvsc module did not return the correct error code for\nthe upper level Small Computer System Interface (SCSI) subsystem. As a\nconsequence, a SCSI command failed and storvsc did not handle such a\nfailure properly under some conditions, for example, when RAID devices were\ncreated on top of storvsc devices. An upstream patch has been applied to\nfix this bug, and storvsc now returns the correct error code in the\ndescribed situation. (BZ#1197749)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.", "modified": "2018-07-10T18:08:41", "published": "2015-03-26T13:16:32", "id": "RHSA-2015:0726", "href": "https://access.redhat.com/errata/RHSA-2015:0726", "type": "redhat", "title": "(RHSA-2015:0726) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:39", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8159", "CVE-2015-1421"], "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. 
(CVE-2015-1421,\nImportant)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.\nThe CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThe MRG-Realtime 3.10 kernel-rt sources have been updated to include the\nfollowing bug fixes:\n\n* The kdump service could become unresponsive due to a deadlock in the\nkernel call ioapic_lock.\n\n* Attempt to make metadata changes such as creating a thin device or\nsnapshot thin device did not error out cleanly.\n\n(BZ#1201384)\n\nThis update also fixes the following bug:\n\n* The MRG kernel scheduler code was missing checks for the PREEMPT_LAZY\nflag allowing tasks to be preempted more times than necessary causing\nlatency spikes on the system. Additional checks for the PREEMPT_LAZY flag\nwere added to the check_preempt_wakeup() and check_preempt_curr() functions\nin the scheduler code so that preempt wakeups were reduced and these\nlatency spikes were removed. (BZ#1157949)\n\nAll kernel-rt users are advised to upgrade to these updated packages, which\ncorrect these issues. The system must be rebooted for this update to take\neffect.\n", "modified": "2018-06-07T08:58:25", "published": "2015-03-30T04:00:00", "id": "RHSA-2015:0751", "href": "https://access.redhat.com/errata/RHSA-2015:0751", "type": "redhat", "title": "(RHSA-2015:0751) Important: kernel-rt security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:57", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8159", "CVE-2015-1421"], "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. 
A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.\nThe CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThe kernel-rt packages have been upgraded to version 3.10.0-229.1.2, which\nprovides a number of bug fixes over the previous version, including:\n\n- The kdump service could become unresponsive due to a deadlock in the\nkernel call ioapic_lock.\n\n- Attempt to make metadata changes such as creating a thin device or\nsnapshot thin device did not error out cleanly.\n\n(BZ#1203359)\n\nAll kernel-rt users are advised to upgrade to these updated packages, which\ncorrect these issues. 
The system must be rebooted for this update to take\neffect.", "modified": "2018-03-19T16:29:52", "published": "2015-03-26T13:17:14", "id": "RHSA-2015:0727", "href": "https://access.redhat.com/errata/RHSA-2015:0727", "type": "redhat", "title": "(RHSA-2015:0727) Important: kernel-rt security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:23", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3215", "CVE-2014-3690", "CVE-2014-7825", "CVE-2014-7826", "CVE-2014-8171", "CVE-2014-8884", "CVE-2014-9529", "CVE-2014-9584", "CVE-2015-1421"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way seunshare, a utility for running executables\nunder a different security context, used the capng_lock functionality of\nthe libcap-ng library. The subsequent invocation of suid root binaries that\nrelied on the fact that the setuid() system call, among others, also sets\nthe saved set-user-ID when dropping the binaries' process privileges, could\nallow a local, unprivileged user to potentially escalate their privileges\non the system. Note: the fix for this issue is the kernel part of the\noverall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the\nrelated SELinux exec transitions support. (CVE-2014-3215, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\n* It was found that the Linux kernel's KVM implementation did not ensure\nthat the host CR4 control register value remained unchanged across VM\nentries on the same virtual CPU. A local, unprivileged user could use this\nflaw to cause a denial of service on the system. 
(CVE-2014-3690, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's perf subsystem. A local, unprivileged\nuser could use this flaw to crash the system. (CVE-2014-7825, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's ftrace subsystem. On a system with\nftrace syscall tracing enabled, a local, unprivileged user could use this\nflaw to crash the system, or escalate their privileges. (CVE-2014-7826,\nModerate)\n\n* It was found that the Linux kernel memory resource controller's (memcg)\nhandling of OOM (out of memory) conditions could lead to deadlocks.\nAn attacker able to continuously spawn new processes within a single\nmemory-constrained cgroup during an OOM event could use this flaw to lock\nup the system. (CVE-2014-8171, Moderate)\n\n* A race condition flaw was found in the way the Linux kernel keys\nmanagement subsystem performed key garbage collection. A local attacker\ncould attempt accessing a key while it was being garbage collected, which\nwould cause the system to crash. (CVE-2014-9529, Moderate)\n\n* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge\nDEC USB device driver. A local user with write access to the corresponding\ndevice could use this flaw to crash the kernel or, potentially, elevate\ntheir privileges on the system. (CVE-2014-8884, Low)\n\n* An information leak flaw was found in the way the Linux kernel's ISO9660\nfile system implementation accessed data on an ISO9660 image with RockRidge\nExtension Reference (ER) records. An attacker with physical access to the\nsystem could use this flaw to disclose up to 255 bytes of kernel memory.\n(CVE-2014-9584, Low)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-3215\nand CVE-2014-3690, Robert \u015awi\u0119cki for reporting CVE-2014-7825 and\nCVE-2014-7826, and Carl Henrik Lunde for reporting CVE-2014-9584. 
The\nCVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes is\navailable from the Technical Notes document linked to in the References\nsection.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.", "modified": "2018-06-06T20:24:17", "published": "2015-04-21T04:00:00", "id": "RHSA-2015:0864", "href": "https://access.redhat.com/errata/RHSA-2015:0864", "type": "redhat", "title": "(RHSA-2015:0864) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:54", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1421", "CVE-2014-8159"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0726\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. 
(CVE-2015-1421,\nImportant)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.\nThe CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes the following bugs:\n\n* In certain systems with multiple CPUs, when a crash was triggered on one\nCPU with an interrupt handler and this CPU sent Non-Maskable Interrupt\n(NMI) to another CPU, and, at the same time, ioapic_lock had already been\nacquired, a deadlock occurred in ioapic_lock. As a consequence, the kdump\nservice could become unresponsive. This bug has been fixed and kdump now\nworks as expected. (BZ#1197742)\n\n* On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the thinkpad_acpi\nmodule was not properly loaded, and thus the function keys and radio\nswitches did not work. This update applies a new string pattern of BIOS\nversion, which fixes this bug, and function keys and radio switches now\nwork as intended. (BZ#1197743)\n\n* During a heavy file system load involving many worker threads, all worker\nthreads in the pool became blocked on a resource, and no manager thread\nexisted to create more workers. As a consequence, the running processes\nbecame unresponsive. With this update, the logic around manager creation\nhas been changed to assure that the last worker thread becomes a manager\nthread and does not start executing work items. Now, a manager thread\nexists, spawns new workers as needed, and processes no longer hang.\n(BZ#1197744)\n\n* If a thin-pool's metadata enters read-only or fail mode, for example, due\nto thin-pool running out of metadata or data space, any attempt to make\nmetadata changes such as creating a thin device or snapshot thin device\nshould error out cleanly. However, previously, the kernel code returned\nverbose and alarming error messages to the user. With this update, due to\nearly trapping of attempt to make metadata changes, informative errors are\ndisplayed, no longer unnecessarily alarming the user. 
(BZ#1197745)\n\n* When running Red Hat Enterprise Linux as a guest on Microsoft Hyper-V\nhypervisor, the storvsc module did not return the correct error code for\nthe upper level Small Computer System Interface (SCSI) subsystem. As a\nconsequence, a SCSI command failed and storvsc did not handle such a\nfailure properly under some conditions, for example, when RAID devices were\ncreated on top of storvsc devices. An upstream patch has been applied to\nfix this bug, and storvsc now returns the correct error code in the\ndescribed situation. (BZ#1197749)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033062.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0726.html", "edition": 4, "modified": "2015-04-01T03:22:51", "published": "2015-04-01T03:22:51", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/033062.html", "id": "CESA-2015:0726", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:25:47", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3215", "CVE-2014-9529", "CVE-2014-7825", "CVE-2015-1421", "CVE-2014-8884", "CVE-2014-9584", "CVE-2014-3690", "CVE-2014-8171", "CVE-2014-7826"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0864\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way seunshare, a utility for running executables\nunder a different security context, used 
the capng_lock functionality of\nthe libcap-ng library. The subsequent invocation of suid root binaries that\nrelied on the fact that the setuid() system call, among others, also sets\nthe saved set-user-ID when dropping the binaries' process privileges, could\nallow a local, unprivileged user to potentially escalate their privileges\non the system. Note: the fix for this issue is the kernel part of the\noverall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the\nrelated SELinux exec transitions support. (CVE-2014-3215, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\n* It was found that the Linux kernel's KVM implementation did not ensure\nthat the host CR4 control register value remained unchanged across VM\nentries on the same virtual CPU. A local, unprivileged user could use this\nflaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's perf subsystem. A local, unprivileged\nuser could use this flaw to crash the system. (CVE-2014-7825, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's ftrace subsystem. On a system with\nftrace syscall tracing enabled, a local, unprivileged user could use this\nflaw to crash the system, or escalate their privileges. (CVE-2014-7826,\nModerate)\n\n* It was found that the Linux kernel memory resource controller's (memcg)\nhandling of OOM (out of memory) conditions could lead to deadlocks.\nAn attacker able to continuously spawn new processes within a single\nmemory-constrained cgroup during an OOM event could use this flaw to lock\nup the system. 
(CVE-2014-8171, Moderate)\n\n* A race condition flaw was found in the way the Linux kernel keys\nmanagement subsystem performed key garbage collection. A local attacker\ncould attempt accessing a key while it was being garbage collected, which\nwould cause the system to crash. (CVE-2014-9529, Moderate)\n\n* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge\nDEC USB device driver. A local user with write access to the corresponding\ndevice could use this flaw to crash the kernel or, potentially, elevate\ntheir privileges on the system. (CVE-2014-8884, Low)\n\n* An information leak flaw was found in the way the Linux kernel's ISO9660\nfile system implementation accessed data on an ISO9660 image with RockRidge\nExtension Reference (ER) records. An attacker with physical access to the\nsystem could use this flaw to disclose up to 255 bytes of kernel memory.\n(CVE-2014-9584, Low)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-3215\nand CVE-2014-3690, Robert \u015awi\u0119cki for reporting CVE-2014-7825 and\nCVE-2014-7826, and Carl Henrik Lunde for reporting CVE-2014-9584. The\nCVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes is\navailable from the Technical Notes document linked to in the References\nsection.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033121.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0864.html", "edition": 3, "modified": "2015-04-22T09:51:52", "published": "2015-04-22T09:51:52", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/033121.html", "id": "CESA-2015:0864", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:32:57", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9715", "CVE-2015-2830", "CVE-2015-3331", "CVE-2015-2150"], "description": "Vincent Tondellier discovered an integer overflow in the Linux kernel's \nnetfilter connection tracking accounting of loaded extensions. An attacker \non the local area network (LAN) could potential exploit this flaw to cause \na denial of service (system crash of targeted system). (CVE-2014-9715)\n\nJan Beulich discovered the Xen virtual machine subsystem of the Linux \nkernel did not properly restrict access to PCI command registers. A local \nguest user could exploit this flaw to cause a denial of service (host \ncrash). (CVE-2015-2150)\n\nA privilege escalation was discovered in the fork syscall via the int80 \nentry on 64 bit kernels with 32 bit emulation support. An unprivileged \nlocal attacker could exploit this flaw to increase their privileges on the \nsystem. (CVE-2015-2830)\n\nA memory corruption issue was discovered in AES decryption when using the \nIntel AES-NI accelerated code path. 
A remote attacker could exploit this \nflaw to cause a denial of service (system crash) or potentially escalate \nprivileges on Intel-based machines with AES-GCM mode IPSec security \nassociation. (CVE-2015-3331)", "edition": 5, "modified": "2015-05-20T00:00:00", "published": "2015-05-20T00:00:00", "id": "USN-2613-1", "href": "https://ubuntu.com/security/notices/USN-2613-1", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:36:18", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9715", "CVE-2015-2830", "CVE-2015-3331", "CVE-2015-2150"], "description": "Vincent Tondellier discovered an integer overflow in the Linux kernel's \nnetfilter connection tracking accounting of loaded extensions. An attacker \non the local area network (LAN) could potentially exploit this flaw to cause \na denial of service (system crash of targeted system). (CVE-2014-9715)\n\nJan Beulich discovered the Xen virtual machine subsystem of the Linux \nkernel did not properly restrict access to PCI command registers. A local \nguest user could exploit this flaw to cause a denial of service (host \ncrash). (CVE-2015-2150)\n\nA privilege escalation was discovered in the fork syscall via the int80 entry \non 64 bit kernels with 32 bit emulation support. An unprivileged local \nattacker could exploit this flaw to increase their privileges on the \nsystem. (CVE-2015-2830)\n\nA memory corruption issue was discovered in AES decryption when using the \nIntel AES-NI accelerated code path. A remote attacker could exploit this \nflaw to cause a denial of service (system crash) or potentially escalate \nprivileges on Intel-based machines with AES-GCM mode IPSec security \nassociation.
(CVE-2015-3331)", "edition": 5, "modified": "2015-05-20T00:00:00", "published": "2015-05-20T00:00:00", "id": "USN-2614-1", "href": "https://ubuntu.com/security/notices/USN-2614-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:39:52", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2830", "CVE-2015-3331", "CVE-2015-3636", "CVE-2015-2150", "CVE-2015-4167"], "description": "Jan Beulich discovered the Xen virtual machine subsystem of the Linux \nkernel did not properly restrict access to PCI command registers. A local \nguest user could exploit this flaw to cause a denial of service (host \ncrash). (CVE-2015-2150)\n\nA privilege escalation was discovered in the fork syscall via the int80 \nentry on 64 bit kernels with 32 bit emulation support. An unprivileged \nlocal attacker could exploit this flaw to increase their privileges on the \nsystem. (CVE-2015-2830)\n\nA memory corruption issue was discovered in AES decryption when using the \nIntel AES-NI accelerated code path. A remote attacker could exploit this \nflaw to cause a denial of service (system crash) or potentially escalate \nprivileges on Intel-based machines with AES-GCM mode IPSec security \nassociation. (CVE-2015-3331)\n\nWen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping \nsupport. A local user could exploit this flaw to cause a denial of service \n(system crash) or gain administrative privileges on the system. \n(CVE-2015-3636)\n\nCarl H Lunde discovered missing sanity checks in the Linux kernel's UDF \nfile system (CONFIG_UDF_FS). A local attacker could exploit this flaw to cause \na denial of service (system crash) by using a corrupted file system image.
\n(CVE-2015-4167)", "edition": 5, "modified": "2015-06-10T00:00:00", "published": "2015-06-10T00:00:00", "id": "USN-2632-1", "href": "https://ubuntu.com/security/notices/USN-2632-1", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:44:26", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2830", "CVE-2015-3331", "CVE-2015-3636", "CVE-2015-2150", "CVE-2015-4167"], "description": "Jan Beulich discovered the Xen virtual machine subsystem of the Linux \nkernel did not properly restrict access to PCI command registers. A local \nguest user could exploit this flaw to cause a denial of service (host \ncrash). (CVE-2015-2150)\n\nA privilege escalation was discovered in the fork syscall via the int80 \nentry on 64 bit kernels with 32 bit emulation support. An unprivileged \nlocal attacker could exploit this flaw to increase their privileges on the \nsystem. (CVE-2015-2830)\n\nA memory corruption issue was discovered in AES decryption when using the \nIntel AES-NI accelerated code path. A remote attacker could exploit this \nflaw to cause a denial of service (system crash) or potentially escalate \nprivileges on Intel base machines with AEC-GCM mode IPSec security \nassociation. (CVE-2015-3331)\n\nWen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping \nsupport. A local user could exploit this flaw to cause a denial of service \n(system crash) or gain administrative privileges on the system. \n(CVE-2015-3636)\n\nCarl H Lunde discovered missing sanity checks in the Linux kernel's UDF \nfile system (CONFIG_UDF_FS). A local attacker could exploit this flaw to cause \na denial of service (system crash) by using a corrupted file system image. 
\n(CVE-2015-4167)", "edition": 5, "modified": "2015-06-10T00:00:00", "published": "2015-06-10T00:00:00", "id": "USN-2631-1", "href": "https://ubuntu.com/security/notices/USN-2631-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:59", "bulletinFamily": "software", "cvelist": ["CVE-2015-2830", "CVE-2015-3331", "CVE-2015-3636", "CVE-2015-2150", "CVE-2015-4167"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2631-1\r\nJune 10, 2015\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nJan Beulich discovered the Xen virtual machine subsystem of the Linux\r\nkernel did not properly restrict access to PCI command registers. A local\r\nguest user could exploit this flaw to cause a denial of service (host\r\ncrash). (CVE-2015-2150)\r\n\r\nA privilege escalation was discovered in the fork syscall via the int80\r\nentry on 64 bit kernels with 32 bit emulation support. An unprivileged\r\nlocal attacker could exploit this flaw to increase their privileges on the\r\nsystem. (CVE-2015-2830)\r\n\r\nA memory corruption issue was discovered in AES decryption when using the\r\nIntel AES-NI accelerated code path. A remote attacker could exploit this\r\nflaw to cause a denial of service (system crash) or potentially escalate\r\nprivileges on Intel base machines with AEC-GCM mode IPSec security\r\nassociation. (CVE-2015-3331)\r\n\r\nWen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping\r\nsupport. 
A local user could exploit this flaw to cause a denial of service\r\n(system crash) or gain administrative privileges on the system.\r\n(CVE-2015-3636)\r\n\r\nCarl H Lunde discovered missing sanity checks in the Linux kernel's UDF\r\nfile system (CONFIG_UDF_FS). A local attacker could exploit this flaw to cause\r\na denial of service (system crash) by using a corrupted filesystem image.\r\n(CVE-2015-4167)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.04 LTS:\r\n linux-image-3.2.0-85-generic 3.2.0-85.122\r\n linux-image-3.2.0-85-generic-pae 3.2.0-85.122\r\n linux-image-3.2.0-85-highbank 3.2.0-85.122\r\n linux-image-3.2.0-85-omap 3.2.0-85.122\r\n linux-image-3.2.0-85-powerpc-smp 3.2.0-85.122\r\n linux-image-3.2.0-85-powerpc64-smp 3.2.0-85.122\r\n linux-image-3.2.0-85-virtual 3.2.0-85.122\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages (e.g.
linux-generic,\r\nlinux-server, linux-powerpc), a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2631-1\r\n CVE-2015-2150, CVE-2015-2830, CVE-2015-3331, CVE-2015-3636,\r\n CVE-2015-4167\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/3.2.0-85.122\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-06-13T00:00:00", "published": "2015-06-13T00:00:00", "id": "SECURITYVULNS:DOC:32205", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32205", "title": "[USN-2631-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "cvelist": ["CVE-2014-9715", "CVE-2015-2830", "CVE-2015-3332", "CVE-2015-2922", "CVE-2015-3339", "CVE-2015-3331", "CVE-2014-8159", "CVE-2015-2150", "CVE-2015-2041", "CVE-2015-2042"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3237-1 security@debian.org\r\nhttp://www.debian.org/security/ Ben Hutchings\r\nApril 26, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : linux\r\nCVE ID : CVE-2014-8159 CVE-2014-9715 CVE-2015-2041 CVE-2015-2042\r\n CVE-2015-2150 CVE-2015-2830 CVE-2015-2922 CVE-2015-3331\r\n CVE-2015-3332 CVE-2015-3339\r\nDebian Bug : 741667 782515 782561 782698\r\n\r\nSeveral vulnerabilities have been discovered in the Linux kernel that\r\nmay lead to a privilege escalation, denial of service or information\r\nleaks.\r\n\r\nCVE-2014-8159\r\n\r\n It was 
found that the Linux kernel's InfiniBand/RDMA subsystem did\r\n not properly sanitize input parameters while registering memory\r\n regions from user space via the (u)verbs API. A local user with\r\n access to a /dev/infiniband/uverbsX device could use this flaw to\r\n crash the system or, potentially, escalate their privileges on the\r\n system.\r\n\r\nCVE-2014-9715\r\n\r\n It was found that the netfilter connection tracking subsystem used\r\n too small a type as an offset within each connection's data\r\n structure, following a bug fix in Linux 3.2.33 and 3.6. In some\r\n configurations, this would lead to memory corruption and crashes\r\n (even without malicious traffic). This could potentially also\r\n result in violation of the netfilter policy or remote code\r\n execution.\r\n\r\n This can be mitigated by disabling connection tracking accounting:\r\n sysctl net.netfilter.nf_conntrack_acct=0\r\n\r\nCVE-2015-2041\r\n\r\n Sasha Levin discovered that the LLC subsystem exposed some variables\r\n as sysctls with the wrong type. On a 64-bit kernel, this possibly\r\n allows privilege escalation from a process with CAP_NET_ADMIN\r\n capability; it also results in a trivial information leak.\r\n\r\nCVE-2015-2042\r\n\r\n Sasha Levin discovered that the RDS subsystem exposed some variables\r\n as sysctls with the wrong type. On a 64-bit kernel, this results in\r\n a trivial information leak.\r\n\r\nCVE-2015-2150\r\n\r\n Jan Beulich discovered that Xen guests are currently permitted to\r\n modify all of the (writable) bits in the PCI command register of\r\n devices passed through to them. 
This in particular allows them to\r\n disable memory and I/O decoding on the device unless the device is\r\n an SR-IOV virtual function, which can result in denial of service\r\n to the host.\r\n\r\nCVE-2015-2830\r\n\r\n Andrew Lutomirski discovered that when a 64-bit task on an amd64\r\n kernel makes a fork(2) or clone(2) system call using int $0x80, the\r\n 32-bit compatibility flag is set (correctly) but is not cleared on\r\n return. As a result, both seccomp and audit will misinterpret the\r\n following system call by the task(s), possibly leading to a\r\n violation of security policy.\r\n\r\nCVE-2015-2922\r\n\r\n Modio AB discovered that the IPv6 subsystem would process a router\r\n advertisement that specifies no route but only a hop limit, which\r\n would then be applied to the interface that received it. This can\r\n result in loss of IPv6 connectivity beyond the local network.\r\n\r\n This may be mitigated by disabling processing of IPv6 router\r\n advertisements if they are not needed:\r\n sysctl net.ipv6.conf.default.accept_ra=0\r\n sysctl net.ipv6.conf.<interface>.accept_ra=0\r\n\r\nCVE-2015-3331\r\n\r\n Stephan Mueller discovered that the optimised implementation of\r\n RFC4106 GCM for x86 processors that support AESNI miscalculated\r\n buffer addresses in some cases. If an IPsec tunnel is configured to\r\n use this mode (also known as AES-GCM-ESP) this can lead to memory\r\n corruption and crashes (even without malicious traffic). This could\r\n potentially also result in remote code execution.\r\n\r\nCVE-2015-3332\r\n\r\n Ben Hutchings discovered that the TCP Fast Open feature regressed\r\n in Linux 3.16.7-ckt9, resulting in a kernel BUG when it is used.\r\n This can be used as a local denial of service.\r\n\r\nCVE-2015-3339\r\n\r\n It was found that the execve(2) system call can race with inode\r\n attribute changes made by chown(2). 
Although chown(2) clears the\r\n setuid/setgid bits of a file if it changes the respective owner ID,\r\n this race condition could result in execve(2) setting effective\r\n uid/gid to the new owner ID, a privilege escalation.\r\n\r\nFor the oldstable distribution (wheezy), these problems have been fixed\r\nin version 3.2.68-1+deb7u1. The linux package in wheezy is not affected\r\nby CVE-2015-3332.\r\n\r\nFor the stable distribution (jessie), these problems have been fixed in\r\nversion 3.16.7-ckt9-3~deb8u1 or earlier versions. Additionally, this\r\nversion fixes a regression in the xen-netfront driver (#782698).\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 3.16.7-ckt9-3 or earlier versions. Additionally, this version\r\nfixes a regression in the xen-netfront driver (#782698).\r\n\r\nWe recommend that you upgrade your linux packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBCgAGBQJVPNTpAAoJEAVMuPMTQ89EF7UQAJexW3qTFY6CUo+i9Yxol6VG\r\nlFoTyXVYlhUKCMLvZLPAGfPqpH7NzBcvnTZ8vkeQeI3q4ixyo988ZhGJUAkV9LMK\r\nxyX+ncw2AbxbsCY4AITW9lY3TxbOcSZUVgZohRoo2tLX6RcgINRyCo/U9ia6543D\r\n1+wzAkNpR9LunorTesIyBuJP/gcIL7f7eD91QwgvLbPZsbW/X4IpAzNMAdyKcTVH\r\n5fx5MEpNJ7/cvVgV1vr//OARHZngVgl+4Q8H5bJKgRDUUtXgmIGOn4bYrm0PPT2k\r\nJGP6miSBqYMvCDWMXB5zZse6tu2hzpnZ34Lbn40PhDBRCm/ztjKzSS2H2E/+P0o1\r\nNOcU5uZWSs4fJgzD0dDXpM/izJZmNdJgfnC1CDjcIQL+zVlMDVliEjqIqVrgECr6\r\nrx7a1ZEdxa8emfv9/4yDapSIEmw6NP0MR+k6LJpQwde6iIsZ5HJaPJxjswZAFFWM\r\nsBX9E5/UmAipAiICtqILfiZYfIZ7u/c+9CLLxJn+qSS+i0pNtMWcvDzcZMPT+vAb\r\nn9kF2IUrGzfNIyrMIxaMXNwp8mnLJehmsZqYEYNfe5wCTvHHYO1htqwarBskoHrt\r\nDRl1q3nTkQkLE9SP4C6cKPQx6g2FiQ6Vk5So0INlwuYUr0l0357wggeD3DO2rY6C\r\n3kudhghmdJv1Dy4xVa8E\r\n=Gol+\r\n-----END PGP 
SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-05-05T00:00:00", "published": "2015-05-05T00:00:00", "id": "SECURITYVULNS:DOC:31988", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31988", "title": "[SECURITY] [DSA 3237-1] linux security update", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:19:38", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2830", "CVE-2014-9529", "CVE-2015-2922", "CVE-2015-3339", "CVE-2015-3331", "CVE-2015-1421", "CVE-2014-8159", "CVE-2015-0777", "CVE-2015-3636", "CVE-2014-9683", "CVE-2015-2150", "CVE-2014-8086", "CVE-2015-2041", "CVE-2014-9419", "CVE-2015-2042"], "description": "The SUSE Linux Enterprise 11 Service Pack 3 RealTime Extension kernel was\n updated to fix various bugs and security issues.\n\n The following vulnerabilities have been fixed:\n\n CVE-2015-3636: A missing sk_nulls_node_init() in ping_unhash() inside the\n ipv4 stack can cause crashes if a disconnect is followed by another\n connect() attempt. (bnc#929525)\n\n CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c\n in the Linux kernel before 3.19.6 allows local users to gain privileges by\n executing a setuid program at a time instant when a chown to root is in\n progress, and the ownership is changed but the setuid bit is not yet\n stripped. (bnc#928130)\n\n CVE-2015-3331: The __driver_rfc4106_decrypt function in\n arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does\n not properly determine the memory locations used for encrypted data, which\n allows context-dependent attackers to cause a denial of service (buffer\n overflow and system crash) or possibly execute arbitrary code by\n triggering a crypto API call, as demonstrated by use of a libkcapi test\n program with an AF_ALG(aead) socket. 
(bnc#927257)\n\n CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c in\n the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in\n the Linux kernel before 3.19.6 allows remote attackers to reconfigure a\n hop-limit setting via a small hop_limit value in a Router Advertisement\n (RA) message. (bnc#922583)\n\n CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before\n 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task,\n which might allow local users to bypass the seccomp or audit protection\n mechanism via a crafted application that uses the (1) fork or (2) close\n system call, as demonstrated by an attack against seccomp before 3.16.\n (bnc#926240)\n\n CVE-2015-2150: XSA-120: Xen 3.3.x through 4.5.x and the Linux kernel\n through 3.19.1 do not properly restrict access to PCI command registers,\n which might allow local guest users to cause a denial of service\n (non-maskable interrupt and host crash) by disabling the (1) memory or (2)\n I/O decoding for a PCI Express device and then accessing the device, which\n triggers an Unsupported Request (UR) response. (bnc#919463)\n\n CVE-2015-2042: net/rds/sysctl.c in the Linux kernel before 3.19 uses an\n incorrect data type in a sysctl table, which allows local users to obtain\n potentially sensitive information from kernel memory or possibly have\n unspecified other impact by accessing a sysctl entry. (bnc#919018)\n\n CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel before 3.19\n uses an incorrect data type in a sysctl table, which allows local users to\n obtain potentially sensitive information from kernel memory or possibly\n have unspecified other impact by accessing a sysctl entry. 
(bnc#919007)\n\n CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update\n function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows\n remote attackers to cause a denial of service (slab corruption and panic)\n or possibly have unspecified other impact by triggering an INIT collision\n that leads to improper handling of shared-key data. (bnc#915577)\n\n CVE-2015-0777: drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0\n (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used\n in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows\n guest OS users to obtain sensitive information from uninitialized\n locations in host OS kernel memory via unspecified vectors. (bnc#917830)\n\n CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename\n function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux\n kernel before 3.18.2 allows local users to cause a denial of service\n (buffer overflow and system crash) or possibly gain privileges via a\n crafted filename. (bnc#918333)\n\n CVE-2014-9529: Race condition in the key_gc_unused_keys function in\n security/keys/gc.c in the Linux kernel through 3.18.2 allows local users\n to cause a denial of service (memory corruption or panic) or possibly have\n unspecified other impact via keyctl commands that trigger access to a key\n structure member during garbage collection of a key. (bnc#912202)\n\n CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in\n the Linux kernel through 3.18.1 does not ensure that Thread Local Storage\n (TLS) descriptors are loaded before proceeding with other steps, which\n makes it easier for local users to bypass the ASLR protection mechanism\n via a crafted application that reads a TLS base address. 
(bnc#911326)\n\n CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel does\n not properly restrict use of User Verbs for registration of memory\n regions, which allows local users to access arbitrary physical memory\n locations, and consequently cause a denial of service (system crash) or\n gain privileges, by leveraging permissions on a uverbs device under\n /dev/infiniband/. (bnc#914742)\n\n CVE-2014-8086: Race condition in the ext4_file_write_iter function in\n fs/ext4/file.c in the Linux kernel through 3.17 allows local users to\n cause a denial of service (file unavailability) via a combination of a\n write action and an F_SETFL fcntl operation for the O_DIRECT flag.\n (bnc#900881)\n\n The following non-security bugs have been fixed:\n\n * mm: exclude reserved pages from dirtyable memory (bnc#931015,\n bnc#930788).\n * mm: fix calculation of dirtyable memory (bnc#931015, bnc#930788).\n * mm/page-writeback.c: fix dirty_balance_reserve subtraction from\n dirtyable memory (bnc#931015, bnc#930788).\n * mm, oom: fix and cleanup oom score calculations (bnc#930171).\n * mm: fix anon_vma->degree underflow in anon_vma endless growing\n prevention (bnc#904242).\n * mm, slab: lock the correct nodelist after reenabling irqs\n (bnc#926439).\n * x86: irq: Check for valid irq descriptor\n in check_irq_vectors_for_cpu_disable (bnc#914726).\n * x86/mce: Introduce mce_gather_info() (bsc#914987).\n * x86/mce: Fix mce regression from recent cleanup (bsc#914987).\n * x86/mce: Update MCE severity condition check (bsc#914987).\n * x86, kvm: Remove incorrect redundant assembly constraint\n (bnc#931850).\n * x86/reboot: Fix a warning message triggered by stop_other_cpus()\n (bnc#930284).\n * x86/apic/uv: Update the UV APIC HUB check (bsc#929145).\n * x86/apic/uv: Update the UV APIC driver check (bsc#929145).\n * x86/apic/uv: Update the APIC UV OEM check (bsc#929145).\n * kabi: invalidate removed sys_elem_dir::children (bnc#919589).\n * kabi: fix for changes in the 
sysfs_dirent structure (bnc#919589).\n * iommu/amd: Correctly encode huge pages in iommu page tables\n (bsc#931014).\n * iommu/amd: Optimize amd_iommu_iova_to_phys for new fetch_pte\n interface (bsc#931014).\n * iommu/amd: Optimize alloc_new_range for new fetch_pte interface\n (bsc#931014).\n * iommu/amd: Optimize iommu_unmap_page for new fetch_pte interface\n (bsc#931014).\n * iommu/amd: Return the pte page-size in fetch_pte (bsc#931014).\n * rtc: Prevent the automatic reboot after powering off the system\n (bnc#930145)\n * rtc: Restore the RTC alarm time to the configured alarm time in BIOS\n Setup (bnc#930145, bnc#927262).\n * rtc: Add more TGCS models for alarm disable quirk (bnc#927262).\n * kernel: Fix IA64 kernel/kthread.c build woes. Hide #include\n <linux/hardirq.h> from kABI checker.\n * cpu: Correct cpu affinity for dlpar added cpus (bsc#928970).\n * proc: deal with deadlock in d_walk fix (bnc#929148, bnc#929283).\n * proc: /proc/stat: convert to single_open_size() (bnc#928122).\n * proc: new helper: single_open_size() (bnc#928122).\n * proc: speed up /proc/stat handling (bnc#928122).\n * sched: Fix potential near-infinite distribute_cfs_runtime() loop\n (bnc#930786)\n * tty: Correct tty buffer flush (bnc#929647).\n * tty: hold lock across tty buffer finding and buffer filling\n (bnc#929647).\n * fork: report pid reservation failure properly (bnc#909684).\n * random: Fix add_timer_randomness throttling\n (bsc#904883,bsc#904901,FATE#317374).\n * random: account for entropy loss due to overwrites (FATE#317374).\n * random: allow fractional bits to be tracked (FATE#317374).\n * random: statically compute poolbitshift, poolbytes, poolbits\n (FATE#317374).\n * crypto: Limit allocation of crypto mechanisms to dialect which\n requires (bnc#925729).\n * net: relax rcvbuf limits (bug#923344).\n * udp: only allow UFO for packets from SOCK_DGRAM sockets (bnc#909309).\n * acpi / sysfs: Treat the count field of counter_show() as unsigned\n (bnc#909312).\n * acpi / 
osl: speedup grace period in acpi_os_map_cleanup (bnc#877456).\n * btrfs: upstream fixes from 3.18\n * btrfs: fix race when reusing stale extent buffers that leads to\n BUG_ON.\n * btrfs: btrfs_release_extent_buffer_page did not free pages of dummy\n extent (bnc#930226, bnc#916521).\n * btrfs: set error return value in btrfs_get_blocks_direct.\n * btrfs: fix off-by-one in cow_file_range_inline().\n * btrfs: wake up transaction thread from SYNC_FS ioctl.\n * btrfs: fix wrong fsid check of scrub.\n * btrfs: try not to ENOSPC on log replay.\n * btrfs: fix build_backref_tree issue with multiple shared blocks.\n * btrfs: add missing end_page_writeback on submit_extent_page failure.\n * btrfs: fix crash of btrfs_release_extent_buffer_page.\n * btrfs: fix race in WAIT_SYNC ioctl.\n * btrfs: fix kfree on list_head in btrfs_lookup_csums_range error\n cleanup.\n * btrfs: cleanup orphans while looking up default subvolume\n (bsc#914818).\n * btrfs: fix lost return value due to variable shadowing.\n * btrfs: abort the transaction if we fail to update the free space\n cache inode.\n * btrfs: fix scheduler warning when syncing log.\n * btrfs: add more checks to btrfs_read_sys_array.\n * btrfs: cleanup, rename a few variables in btrfs_read_sys_array.\n * btrfs: add checks for sys_chunk_array sizes.\n * btrfs: more superblock checks, lower bounds on devices and\n sectorsize/nodesize.\n * btrfs: fix setup_leaf_for_split() to avoid leaf corruption.\n * btrfs: fix typos in btrfs_check_super_valid.\n * btrfs: use macro accessors in superblock validation checks.\n * btrfs: add more superblock checks.\n * btrfs: avoid premature -ENOMEM in clear_extent_bit().\n * btrfs: avoid returning -ENOMEM in convert_extent_bit() too early.\n * btrfs: call inode_dec_link_count() on mkdir error path.\n * btrfs: fix fs corruption on transaction abort if device supports\n discard.\n * btrfs: make sure we wait on logged extents when fsycning two subvols.\n * btrfs: make xattr replace operations atomic.\n 
* xfs: xfs_alloc_fix_minleft can underflow near ENOSPC (bnc#913080,\n bnc#912741).\n * xfs: prevent deadlock trying to cover an active log (bsc#917093).\n * xfs: introduce xfs_bmapi_read() (bnc#891641).\n * xfs: factor extent map manipulations out of xfs_bmapi (bnc#891641).\n * nfs: Fix a regression in nfs_file_llseek() (bnc#930401).\n * nfs: do not try to use lock state when we hold a delegation\n (bnc#831029) - add to series.conf\n * sunrpc: Fix the execution time statistics in the face of RPC\n restarts (bnc#924271).\n * fsnotify: Fix handling of renames in audit (bnc#915200).\n * configfs: fix race between dentry put and lookup (bnc#924333).\n * fs/pipe.c: add ->statfs callback for pipefs (bsc#916848).\n * fs/buffer.c: make block-size be per-page and protected by the page\n lock (bnc#919357).\n * st: fix corruption of the st_modedef structures in st_set_options()\n (bnc#928333).\n * lpfc: Fix race on command completion (bnc#906027,bnc#889221).\n * cifs: fix use-after-free bug in find_writable_file (bnc#909477).\n * sysfs: Make sysfs_rename safe with sysfs_dirents in rbtrees\n (bnc#919589).\n * sysfs: use rb-tree for inode number lookup (bnc#919589).\n * sysfs: use rb-tree for name lookups (bnc#919589).\n * dasd: Fix inability to set a DASD device offline (bnc#927338,\n LTC#123905).\n * dasd: Fix device having no paths after suspend/resume (bnc#927338,\n LTC#123896).\n * dasd: Fix unresumed device after suspend/resume (bnc#927338,\n LTC#123892).\n * dasd: Missing partition after online processing (bnc#917120,\n LTC#120565).\n * af_iucv: fix AF_IUCV sendmsg() errno (bnc#927338, LTC#123304).\n * s390: avoid z13 cache aliasing (bnc#925012).\n * s390: enable large page support with CONFIG_DEBUG_PAGEALLOC\n (bnc#925012).\n * s390: z13 base performance (bnc#925012, LTC#KRN1514).\n * s390/spinlock: cleanup spinlock code (bnc#925012).\n * s390/spinlock: optimize spinlock code sequence (bnc#925012).\n * s390/spinlock,rwlock: always to a load-and-test first 
(bnc#925012).\n * s390/spinlock: refactor arch_spin_lock_wait[_flags] (bnc#925012).\n * s390/spinlock: optimize spin_unlock code (bnc#925012).\n * s390/rwlock: add missing local_irq_restore calls (bnc#925012).\n * s390/time: use stck clock fast for do_account_vtime (bnc#925012).\n * s390/kernel: use stnsm 255 instead of stosm 0 (bnc#925012).\n * s390/mm: align 64-bit PIE binaries to 4GB (bnc#925012).\n * s390/mm: use pfmf instruction to initialize storage keys\n (bnc#925012).\n * s390/mm: speedup storage key initialization (bnc#925012).\n * s390/memory hotplug: initialize storage keys (bnc#925012).\n * s390/memory hotplug: use pfmf instruction to initialize storage keys\n (bnc#925012).\n * s390/facilities: cleanup PFMF and HPAGE machine facility detection\n (bnc#925012).\n * powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH\n (bsc#928142).\n * powerpc+sparc64/mm: Remove hack in mmap randomize layout\n (bsc#917839).\n * powerpc: Make chip-id information available to userspace\n (bsc#919682).\n * powerpc/mm: Fix mmap errno when MAP_FIXED is set and mapping exceeds\n the allowed address space (bsc#930669).\n * ib/ipoib: Add missing locking when CM object is deleted (bsc#924340).\n * ib/ipoib: Fix RCU pointer dereference of wrong object (bsc#924340).\n * IPoIB: Fix race in deleting ipoib_neigh entries (bsc#924340).\n * IPoIB: Fix ipoib_neigh hashing to use the correct daddr octets\n (bsc#924340).\n * IPoIB: Fix AB-BA deadlock when deleting neighbours (bsc#924340).\n * IPoIB: Fix memory leak in the neigh table deletion flow (bsc#924340).\n * ch: fixup refcounting imbalance for SCSI devices (bsc#925443).\n * ch: remove ch_mutex (bnc#925443).\n * DLPAR memory add failed on Linux partition (bsc#927190).\n * Revert "pseries/iommu: Remove DDW on kexec" (bsc#926016).\n * Revert "powerpc/pseries/iommu: remove default window before\n attempting DDW manipulation" (bsc#926016).\n * alsa: hda_intel: apply the Seperate stream_tag for Sunrise Point\n 
(bsc#925370).\n * alsa: hda_intel: apply the Seperate stream_tag for Skylake\n (bsc#925370).\n * alsa: hda_controller: Separate stream_tag for input and output\n streams (bsc#925370).\n * md: do not give up looking for spares on first failure-to-add\n (bnc#908706).\n * md: fix safe_mode buglet (bnc#926767).\n * md: do not wait for plug_cnt to go to zero (bnc#891641).\n * epoll: fix use-after-free in eventpoll_release_file (epoll scaling).\n * eventpoll: use-after-possible-free in epoll_create1() (bug#917648).\n * direct-io: do not read inode->i_blkbits multiple times (bnc#919357).\n * scsifront: do not use bitfields for indicators modified under\n different locks.\n * msi: also reject resource with flags all clear.\n * pvscsi: support suspend/resume (bsc#902286).\n * do not switch internal CDC device on IBM NeXtScale nx360 M5\n (bnc#913598).\n * dm: optimize use SRCU and RCU (bnc#910517).\n * uvc: work on XHCI controllers without ring expansion (bnc#915045).\n * qla2xxx: Do not crash system for sp ref count zero\n (bnc#891212,bsc#917684).\n * megaraid_sas : Update threshold based reply post host index register\n (bnc#919808).\n * bnx2x: Fix kdump when iommu=on (bug#921769).\n * Provide/Obsolete all subpackages of old flavors (bnc#925567)\n * tgcs: Ichigan 6140-x3x Integrated touchscreen is not precised\n (bnc#924142).\n\n Security Issues:\n\n * CVE-2014-8086\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8086\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8086</a>>\n * CVE-2014-8159\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8159\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8159</a>>\n * CVE-2014-9419\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9419\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9419</a>>\n * CVE-2014-9529\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9529\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9529</a>>\n * CVE-2014-9683\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9683\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9683</a>>\n * CVE-2015-0777\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0777\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0777</a>>\n * CVE-2015-1421\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1421\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1421</a>>\n * CVE-2015-2041\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2041\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2041</a>>\n * CVE-2015-2042\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2042\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2042</a>>\n * CVE-2015-2150\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2150\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2150</a>>\n * CVE-2015-2830\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2830\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2830</a>>\n * CVE-2015-2922\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2922\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2922</a>>\n * CVE-2015-3331\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3331\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3331</a>>\n * CVE-2015-3339\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3339\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3339</a>>\n * CVE-2015-3636\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3636\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3636</a>>\n", "edition": 1, "modified": "2015-08-12T19:09:18", "published": "2015-08-12T19:09:18", "id": "SUSE-SU-2015:1376-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00007.html", "title": "Security update for the Real Time Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-08-12T01:02:34", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9715", "CVE-2015-2830", "CVE-2015-3332", "CVE-2015-2922", "CVE-2015-3339", "CVE-2015-3331", "CVE-2014-8159", "CVE-2015-2150", "CVE-2015-2041", "CVE-2015-2042"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3237-1 security@debian.org\nhttp://www.debian.org/security/ Ben Hutchings\nApril 26, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2014-8159 CVE-2014-9715 CVE-2015-2041 CVE-2015-2042\n CVE-2015-2150 CVE-2015-2830 CVE-2015-2922 CVE-2015-3331\n CVE-2015-3332 CVE-2015-3339\nDebian Bug : 741667 782515 782561 782698\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2014-8159\n\n It was found that the Linux kernel's InfiniBand/RDMA subsystem did\n not properly sanitize input parameters while registering memory\n regions from user space via the (u)verbs API. 
A local user with\n access to a /dev/infiniband/uverbsX device could use this flaw to\n crash the system or, potentially, escalate their privileges on the\n system.\n\nCVE-2014-9715\n\n It was found that the netfilter connection tracking subsystem used\n too small a type as an offset within each connection's data\n structure, following a bug fix in Linux 3.2.33 and 3.6. In some\n configurations, this would lead to memory corruption and crashes\n (even without malicious traffic). This could potentially also\n result in violation of the netfilter policy or remote code\n execution.\n\n This can be mitigated by disabling connection tracking accounting:\n sysctl net.netfilter.nf_conntrack_acct=0\n\nCVE-2015-2041\n\n Sasha Levin discovered that the LLC subsystem exposed some variables\n as sysctls with the wrong type. On a 64-bit kernel, this possibly\n allows privilege escalation from a process with CAP_NET_ADMIN\n capability; it also results in a trivial information leak.\n\nCVE-2015-2042\n\n Sasha Levin discovered that the RDS subsystem exposed some variables\n as sysctls with the wrong type. On a 64-bit kernel, this results in\n a trivial information leak.\n\nCVE-2015-2150\n\n Jan Beulich discovered that Xen guests are currently permitted to\n modify all of the (writable) bits in the PCI command register of\n devices passed through to them. This in particular allows them to\n disable memory and I/O decoding on the device unless the device is\n an SR-IOV virtual function, which can result in denial of service\n to the host.\n\nCVE-2015-2830\n\n Andrew Lutomirski discovered that when a 64-bit task on an amd64\n kernel makes a fork(2) or clone(2) system call using int $0x80, the\n 32-bit compatibility flag is set (correctly) but is not cleared on\n return. 
As a result, both seccomp and audit will misinterpret the\n following system call by the task(s), possibly leading to a\n violation of security policy.\n\nCVE-2015-2922\n\n Modio AB discovered that the IPv6 subsystem would process a router\n advertisement that specifies no route but only a hop limit, which\n would then be applied to the interface that received it. This can\n result in loss of IPv6 connectivity beyond the local network.\n\n This may be mitigated by disabling processing of IPv6 router\n advertisements if they are not needed:\n sysctl net.ipv6.conf.default.accept_ra=0\n sysctl net.ipv6.conf.<interface>.accept_ra=0\n\nCVE-2015-3331\n\n Stephan Mueller discovered that the optimised implementation of\n RFC4106 GCM for x86 processors that support AESNI miscalculated\n buffer addresses in some cases. If an IPsec tunnel is configured to\n use this mode (also known as AES-GCM-ESP) this can lead to memory\n corruption and crashes (even without malicious traffic). This could\n potentially also result in remote code execution.\n\nCVE-2015-3332\n\n Ben Hutchings discovered that the TCP Fast Open feature regressed\n in Linux 3.16.7-ckt9, resulting in a kernel BUG when it is used.\n This can be used as a local denial of service.\n\nCVE-2015-3339\n\n It was found that the execve(2) system call can race with inode\n attribute changes made by chown(2). Although chown(2) clears the\n setuid/setgid bits of a file if it changes the respective owner ID,\n this race condition could result in execve(2) setting effective\n uid/gid to the new owner ID, a privilege escalation.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 3.2.68-1+deb7u1. The linux package in wheezy is not affected\nby CVE-2015-3332.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt9-3~deb8u1 or earlier versions. 
Additionally, this\nversion fixes a regression in the xen-netfront driver (#782698).\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.16.7-ckt9-3 or earlier versions. Additionally, this version\nfixes a regression in the xen-netfront driver (#782698).\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 19, "modified": "2015-04-26T12:37:31", "published": "2015-04-26T12:37:31", "id": "DEBIAN:DSA-3237-1:27D30", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00125.html", "title": "[SECURITY] [DSA 3237-1] linux security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}