Search...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)

2015-05-14T00:00:00

ID ORACLELINUX_ELSA-2015-3036.NASL
Type nessus
Reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-02-02T00:00:00

Description

Description of changes:

[2.6.39-400.250.2.el6uek] - crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077389] {CVE-2015-3331}

[2.6.39-400.250.1.el6uek] - xen/pciback: Don

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2015-3036.
#

include("compat.inc");

if (description)
{
  script_id(83449);
  script_version("2.13");
  script_cvs_date("Date: 2019/09/27 13:00:36");

  script_cve_id("CVE-2014-3215", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-1421", "CVE-2015-2150", "CVE-2015-3331");
  script_bugtraq_id(71883, 72356, 73014, 73060, 74235);

  script_name(english:"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Description of changes:

[2.6.39-400.250.2.el6uek]
- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) 
[Orabug: 21077389]  {CVE-2015-3331}

[2.6.39-400.250.1.el6uek]
- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad 
Rzeszutek Wilk)  [Orabug: 20807440]  {CVE-2015-2150}
- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) 
  [Orabug: 20727114] - Revert 'qla2xxx: Ramp down queue depth for 
attached SCSI devices when driver resources are low.' (Chad Dupuis) 
[Orabug: 20657415] - x86/xen: allow privcmd hypercalls to be preempted 
(David Vrabel)  [Orabug: 20618759] - sched: Expose 
preempt_schedule_irq() (Thomas Gleixner)  [Orabug: 20618759] - isofs: 
Fix unchecked printing of ER records (Jan Kara)  [Orabug: 20930552] 
{CVE-2014-9584}
- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. 
(Stephen Smalley)  [Orabug: 20930502]  {CVE-2014-3215}
- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs 
(Andy Lutomirski)  [Orabug: 20930518]  {CVE-2014-3215}
- IB/core: Prevent integer overflow in ib_umem_get address arithmetic 
(Shachar Raindel)  [Orabug: 20788393]  {CVE-2014-8159} {CVE-2014-8159}
- xen-pciback: limit guest control of command register (Jan Beulich) 
[Orabug: 20704156]  {CVE-2015-2150} {CVE-2015-2150}
- net: sctp: fix slab corruption from use after free on INIT collisions 
(Daniel Borkmann)  [Orabug: 20780348]  {CVE-2015-1421}"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2015-May/005076.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2015-May/005077.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected unbreakable enterprise kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/05/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
include("ksplice.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" &gt;!&lt; cpu && "ia64" &gt;!&lt; cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2014-3215", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-1421", "CVE-2015-2150", "CVE-2015-3331");  
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2015-3036");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

kernel_major_minor = get_kb_item("Host/uname/major_minor");
if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
expected_kernel_major_minor = "2.6";
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);

flag = 0;
if (rpm_exists(release:"EL5", rpm:"kernel-uek-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-2.6.39-400.250.2.el5uek")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-debug-2.6.39-400.250.2.el5uek")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-devel-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-debug-devel-2.6.39-400.250.2.el5uek")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-uek-devel-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-devel-2.6.39-400.250.2.el5uek")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-uek-doc-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-doc-2.6.39-400.250.2.el5uek")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-uek-firmware-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-firmware-2.6.39-400.250.2.el5uek")) flag++;

if (rpm_exists(release:"EL6", rpm:"kernel-uek-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-2.6.39-400.250.2.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-debug-2.6.39-400.250.2.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-debug-devel-2.6.39-400.250.2.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-devel-2.6.39-400.250.2.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-doc-2.6.39-400.250.2.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-firmware-2.6.39-400.250.2.el6uek")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
}

JSON Vulners Source

Initial Source

{"id": "ORACLELINUX_ELSA-2015-3036.NASL", "bulletinFamily": "scanner", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)", "description": "Description of changes:\n\n[2.6.39-400.250.2.el6uek]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) \n[Orabug: 21077389] {CVE-2015-3331}\n\n[2.6.39-400.250.1.el6uek]\n- xen/pciback: Don", "published": "2015-05-14T00:00:00", "modified": "2020-02-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/83449", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-May/005077.html", "https://oss.oracle.com/pipermail/el-errata/2015-May/005076.html"], "cvelist": ["CVE-2014-3215", "CVE-2015-3331", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-2150"], "type": "nessus", "lastseen": "2020-02-01T01:31:39", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "cvelist": ["CVE-2014-3215", "CVE-2015-3331", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-2150"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Description of changes:\n\n[2.6.39-400.250.2.el6uek]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077389] {CVE-2015-3331}\n\n[2.6.39-400.250.1.el6uek]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad Rzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) [Orabug: 20727114] - Revert 'qla2xxx: Ramp down queue depth for attached SCSI devices when driver resources are low.' (Chad Dupuis) [Orabug: 20657415] - x86/xen: allow privcmd hypercalls to be preempted (David Vrabel) [Orabug: 20618759] - sched: Expose preempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] - isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n- xen-pciback: limit guest control of command register (Jan Beulich) [Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "42bc278ec1b2a72d3079ee6f5c157ebce7802fc8361cb7cf8d1cba17c5cafb61", "hashmap": [{"hash": "aa95097b7e708a086412808360cac738", "key": "sourceData"}, {"hash": "0f0622ad634834baac213feaffe54072", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "4cfa4655130c014a5a9ffdaaefcdaae1", "key": "pluginID"}, {"hash": "8a1af0b2cbbb4009e799126c72f14c3e", "key": "cpe"}, {"hash": "85d86af2cc2e937b9f262f39a8eded59", "key": "published"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "39c11f10a3f14ebe12e8bc70b7b4414a", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be3ffe9319ca8bf2f8c339435e78948f", "key": "modified"}, {"hash": "c29c4d50f6a057f9b0ba47166616e0dd", "key": "cvelist"}, {"hash": "c472db5bc322d3fe47a32c5e6110ee1f", "key": "references"}, {"hash": "4f87df1244c3ad13db7859037da1c9b2", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=83449", "id": "ORACLELINUX_ELSA-2015-3036.NASL", "lastseen": "2018-09-01T23:52:06", "modified": "2015-12-01T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "83449", "published": "2015-05-14T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-May/005077.html", "https://oss.oracle.com/pipermail/el-errata/2015-May/005076.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3036.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83449);\n script_version(\"$Revision: 2.8 $\");\n script_cvs_date(\"$Date: 2015/12/01 17:43:32 $\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-9584\", \"CVE-2015-1421\", \"CVE-2015-2150\", \"CVE-2015-3331\");\n script_bugtraq_id(71883, 72356, 73014, 73060, 74235);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.250.2.el6uek]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) \n[Orabug: 21077389] {CVE-2015-3331}\n\n[2.6.39-400.250.1.el6uek]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad \nRzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) \n [Orabug: 20727114] - Revert 'qla2xxx: Ramp down queue depth for \nattached SCSI devices when driver resources are low.' (Chad Dupuis) \n[Orabug: 20657415] - x86/xen: allow privcmd hypercalls to be preempted \n(David Vrabel) [Orabug: 20618759] - sched: Expose \npreempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] - isofs: \nFix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] \n{CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005077.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-400.250.2.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.250.2.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)", "type": "nessus", "viewCount": 18}, "differentElements": ["description"], "edition": 4, "lastseen": "2018-09-01T23:52:06"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "cvelist": ["CVE-2014-3215", "CVE-2015-3331", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-2150"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Description of changes:\n\n[2.6.39-400.250.2.el6uek]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) \n[Orabug: 21077389] {CVE-2015-3331}\n\n[2.6.39-400.250.1.el6uek]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad \nRzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) \n [Orabug: 20727114] - Revert 'qla2xxx: Ramp down queue depth for \nattached SCSI devices when driver resources are low.' (Chad Dupuis) \n[Orabug: 20657415] - x86/xen: allow privcmd hypercalls to be preempted \n(David Vrabel) [Orabug: 20618759] - sched: Expose \npreempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] - isofs: \nFix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] \n{CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-01-16T20:21:28", "references": [{"idList": ["SOL16478", "F5:K16819", "SOL17245", "SOL17541", "F5:K17245", "F5:K17541", "SOL17242", "F5:K17242", "SOL16819", "SOL16596"], "type": "f5"}, {"idList": ["ORACLEVM_OVMSA-2015-0060.NASL", "FEDORA_2015-4066.NASL", "ORACLELINUX_ELSA-2015-3035.NASL", "ORACLELINUX_ELSA-2015-3020.NASL", "ORACLELINUX_ELSA-2015-0726.NASL", "REDHAT-RHSA-2015-0727.NASL", "ORACLELINUX_ELSA-2015-3034.NASL", "ORACLELINUX_ELSA-2015-3019.NASL", "ORACLELINUX_ELSA-2015-3033.NASL", "CENTOS_RHSA-2015-0726.NASL"], "type": "nessus"}, {"idList": ["GLSA-201412-44"], "type": "gentoo"}, {"idList": ["CVE-2014-3215", "CVE-2015-3331", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-2150"], "type": "cve"}, {"idList": ["CESA-2015:0726", "CESA-2015:0864"], "type": "centos"}, {"idList": ["USN-2614-1", "USN-2632-1", "USN-2530-1", "USN-2631-1", "USN-2613-1"], "type": "ubuntu"}, {"idList": ["ALAS-2015-544", "ALAS-2015-543"], "type": "amazon"}, {"idList": ["ELSA-2015-3033", "ELSA-2015-0987", "ELSA-2015-3019", "ELSA-2015-3035", "ELSA-2015-3032", "ELSA-2015-3034", "ELSA-2015-0864", "ELSA-2015-0726", "ELSA-2015-3036", "ELSA-2015-3020"], "type": "oraclelinux"}, {"idList": ["OPENVAS:1361412562310871343", "OPENVAS:1361412562310123114", "OPENVAS:1361412562310869595", "OPENVAS:1361412562310123143", "OPENVAS:1361412562310105356", "OPENVAS:1361412562310123126", "OPENVAS:1361412562310123144", "OPENVAS:1361412562310123125", "OPENVAS:1361412562310123113", "OPENVAS:1361412562310882145"], "type": "openvas"}, {"idList": ["CFOUNDRY:E6A4F4CA4992F74F2F0295F1E7A9A5D0"], "type": "cloudfoundry"}, {"idList": ["SECURITYVULNS:VULN:13781", "SECURITYVULNS:DOC:30741", "SECURITYVULNS:DOC:32205"], "type": "securityvulns"}, {"idList": ["RHSA-2015:0726", "RHSA-2015:0727", "RHSA-2015:0919", "RHSA-2015:0987", "RHSA-2015:0864", "RHSA-2015:0751"], "type": "redhat"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "bdd608cfa70ba7978e3297d353bbd73c2d458887925b6462f6d37bc3eccb16cb", "hashmap": [{"hash": "aa95097b7e708a086412808360cac738", "key": "sourceData"}, {"hash": "0f0622ad634834baac213feaffe54072", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "4cfa4655130c014a5a9ffdaaefcdaae1", "key": "pluginID"}, {"hash": "8a1af0b2cbbb4009e799126c72f14c3e", "key": "cpe"}, {"hash": "85d86af2cc2e937b9f262f39a8eded59", "key": "published"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "39c11f10a3f14ebe12e8bc70b7b4414a", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be3ffe9319ca8bf2f8c339435e78948f", "key": "modified"}, {"hash": "c29c4d50f6a057f9b0ba47166616e0dd", "key": "cvelist"}, {"hash": "c472db5bc322d3fe47a32c5e6110ee1f", "key": "references"}, {"hash": "2611f5d683af3bdf45a67dcd9b0a658a", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=83449", "id": "ORACLELINUX_ELSA-2015-3036.NASL", "lastseen": "2019-01-16T20:21:28", "modified": "2015-12-01T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "83449", "published": "2015-05-14T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-May/005077.html", "https://oss.oracle.com/pipermail/el-errata/2015-May/005076.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3036.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83449);\n script_version(\"$Revision: 2.8 $\");\n script_cvs_date(\"$Date: 2015/12/01 17:43:32 $\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-9584\", \"CVE-2015-1421\", \"CVE-2015-2150\", \"CVE-2015-3331\");\n script_bugtraq_id(71883, 72356, 73014, 73060, 74235);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.250.2.el6uek]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) \n[Orabug: 21077389] {CVE-2015-3331}\n\n[2.6.39-400.250.1.el6uek]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad \nRzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) \n [Orabug: 20727114] - Revert 'qla2xxx: Ramp down queue depth for \nattached SCSI devices when driver resources are low.' (Chad Dupuis) \n[Orabug: 20657415] - x86/xen: allow privcmd hypercalls to be preempted \n(David Vrabel) [Orabug: 20618759] - sched: Expose \npreempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] - isofs: \nFix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] \n{CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005077.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-400.250.2.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.250.2.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)", "type": "nessus", "viewCount": 18}, "differentElements": ["description"], "edition": 5, "lastseen": "2019-01-16T20:21:28"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "cvelist": ["CVE-2014-3215", "CVE-2015-3331", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-2150"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Description of changes:\n\n[2.6.39-400.250.2.el6uek]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077389] {CVE-2015-3331}\n\n[2.6.39-400.250.1.el6uek]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad Rzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) [Orabug: 20727114] - Revert 'qla2xxx: Ramp down queue depth for attached SCSI devices when driver resources are low.' (Chad Dupuis) [Orabug: 20657415] - x86/xen: allow privcmd hypercalls to be preempted (David Vrabel) [Orabug: 20618759] - sched: Expose preempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] - isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n- xen-pciback: limit guest control of command register (Jan Beulich) [Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-02-21T01:24:08", "references": [{"idList": ["ORACLEVM_OVMSA-2015-0060.NASL", "FEDORA_2015-4066.NASL", "ORACLELINUX_ELSA-2015-3035.NASL", "ORACLELINUX_ELSA-2015-3020.NASL", "ORACLELINUX_ELSA-2015-0726.NASL", "ORACLELINUX_ELSA-2015-3034.NASL", "ORACLELINUX_ELSA-2015-3019.NASL", "ORACLELINUX_ELSA-2015-3033.NASL", "REDHAT-RHSA-2015-0751.NASL", "REDHAT-RHSA-2015-0726.NASL"], "type": "nessus"}, {"idList": ["SOL16478", "F5:K16819", "SOL17245", "SOL17541", "F5:K17245", "F5:K17541", "SOL17242", "F5:K17242", "SOL16819", "SOL16596"], "type": "f5"}, {"idList": ["GLSA-201412-44"], "type": "gentoo"}, {"idList": ["CVE-2014-3215", "CVE-2015-3331", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-2150"], "type": "cve"}, {"idList": ["CESA-2015:0726", "CESA-2015:0864"], "type": "centos"}, {"idList": ["OPENVAS:1361412562310871343", "OPENVAS:1361412562310123114", "OPENVAS:1361412562310869595", "OPENVAS:1361412562310123143", "OPENVAS:1361412562310105356", "OPENVAS:1361412562310123126", "OPENVAS:1361412562310123144", "OPENVAS:1361412562310123125", "OPENVAS:1361412562310123113", "OPENVAS:1361412562310123149"], "type": "openvas"}, {"idList": ["ALAS-2015-544", "ALAS-2015-543"], "type": "amazon"}, {"idList": ["ELSA-2015-3033", "ELSA-2015-0987", "ELSA-2015-3019", "ELSA-2015-3035", "ELSA-2015-3032", "ELSA-2015-3034", "ELSA-2015-0864", "ELSA-2015-0726", "ELSA-2015-3036", "ELSA-2015-3020"], "type": "oraclelinux"}, {"idList": ["CFOUNDRY:E6A4F4CA4992F74F2F0295F1E7A9A5D0"], "type": "cloudfoundry"}, {"idList": ["USN-2614-1", "USN-2632-1", "USN-2631-1", "USN-2613-1"], "type": "ubuntu"}, {"idList": ["SECURITYVULNS:VULN:13781", "SECURITYVULNS:DOC:30741", "SECURITYVULNS:DOC:32205"], "type": "securityvulns"}, {"idList": ["RHSA-2015:0726", "RHSA-2015:0727", "RHSA-2015:0864", "RHSA-2015:0751", "RHSA-2015:0981"], "type": "redhat"}]}, "score": {"modified": "2019-02-21T01:24:08", "value": 6.6, "vector": "NONE"}}, "hash": "42bc278ec1b2a72d3079ee6f5c157ebce7802fc8361cb7cf8d1cba17c5cafb61", "hashmap": [{"hash": "aa95097b7e708a086412808360cac738", "key": "sourceData"}, {"hash": "0f0622ad634834baac213feaffe54072", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "4cfa4655130c014a5a9ffdaaefcdaae1", "key": "pluginID"}, {"hash": "8a1af0b2cbbb4009e799126c72f14c3e", "key": "cpe"}, {"hash": "85d86af2cc2e937b9f262f39a8eded59", "key": "published"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "39c11f10a3f14ebe12e8bc70b7b4414a", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be3ffe9319ca8bf2f8c339435e78948f", "key": "modified"}, {"hash": "c29c4d50f6a057f9b0ba47166616e0dd", "key": "cvelist"}, {"hash": "c472db5bc322d3fe47a32c5e6110ee1f", "key": "references"}, {"hash": "4f87df1244c3ad13db7859037da1c9b2", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=83449", "id": "ORACLELINUX_ELSA-2015-3036.NASL", "lastseen": "2019-02-21T01:24:08", "modified": "2015-12-01T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "83449", "published": "2015-05-14T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-May/005077.html", "https://oss.oracle.com/pipermail/el-errata/2015-May/005076.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3036.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83449);\n script_version(\"$Revision: 2.8 $\");\n script_cvs_date(\"$Date: 2015/12/01 17:43:32 $\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-9584\", \"CVE-2015-1421\", \"CVE-2015-2150\", \"CVE-2015-3331\");\n script_bugtraq_id(71883, 72356, 73014, 73060, 74235);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.250.2.el6uek]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) \n[Orabug: 21077389] {CVE-2015-3331}\n\n[2.6.39-400.250.1.el6uek]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad \nRzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) \n [Orabug: 20727114] - Revert 'qla2xxx: Ramp down queue depth for \nattached SCSI devices when driver resources are low.' (Chad Dupuis) \n[Orabug: 20657415] - x86/xen: allow privcmd hypercalls to be preempted \n(David Vrabel) [Orabug: 20618759] - sched: Expose \npreempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] - isofs: \nFix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] \n{CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005077.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-400.250.2.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.250.2.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)", "type": "nessus", "viewCount": 18}, "differentElements": ["cvss", "description", "reporter", "modified", "sourceData", "href"], "edition": 6, "lastseen": "2019-02-21T01:24:08"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "cvelist": ["CVE-2014-3215", "CVE-2015-3331", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-2150"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "description": "Description of changes:\n\n[2.6.39-400.250.2.el6uek]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) \n[Orabug: 21077389] {CVE-2015-3331}\n\n[2.6.39-400.250.1.el6uek]\n- xen/pciback: Don", "edition": 10, "enchantments": {"dependencies": {"modified": "2020-01-01T01:01:36", "references": [{"idList": ["ORACLEVM_OVMSA-2015-0060.NASL", "FEDORA_2015-4066.NASL", "ORACLELINUX_ELSA-2015-3035.NASL", "ORACLELINUX_ELSA-2015-3020.NASL", "ORACLELINUX_ELSA-2015-0726.NASL", "ORACLELINUX_ELSA-2015-3034.NASL", "ORACLELINUX_ELSA-2015-3019.NASL", "ORACLELINUX_ELSA-2015-3033.NASL", "REDHAT-RHSA-2015-0751.NASL", "REDHAT-RHSA-2015-0726.NASL"], "type": "nessus"}, {"idList": ["SOL16478", "F5:K16819", "SOL17245", "SOL17541", "F5:K17245", "F5:K17541", "SOL17242", "F5:K17242", "SOL16819", "SOL16596"], "type": "f5"}, {"idList": ["GLSA-201412-44"], "type": "gentoo"}, {"idList": ["CVE-2014-3215", "CVE-2015-3331", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-2150"], "type": "cve"}, {"idList": ["CESA-2015:0726", "CESA-2015:0864"], "type": "centos"}, {"idList": ["OPENVAS:1361412562310871343", "OPENVAS:1361412562310123114", "OPENVAS:1361412562310869595", "OPENVAS:1361412562310123143", "OPENVAS:1361412562310105356", "OPENVAS:1361412562310123126", "OPENVAS:1361412562310123144", "OPENVAS:1361412562310123125", "OPENVAS:1361412562310123113", "OPENVAS:1361412562310123149"], "type": "openvas"}, {"idList": ["ALAS-2015-544", "ALAS-2015-543"], "type": "amazon"}, {"idList": ["USN-2614-1", "USN-2632-1", "USN-2529-1", "USN-2528-1", "USN-2631-1", "USN-2613-1"], "type": "ubuntu"}, {"idList": ["ELSA-2015-3033", "ELSA-2015-0987", "ELSA-2015-3019", "ELSA-2015-3035", "ELSA-2015-3032", "ELSA-2015-3034", "ELSA-2015-0864", "ELSA-2015-0726", "ELSA-2015-3036", "ELSA-2015-3020"], "type": "oraclelinux"}, {"idList": ["CFOUNDRY:E6A4F4CA4992F74F2F0295F1E7A9A5D0"], "type": "cloudfoundry"}, {"idList": ["RHSA-2015:0726", "RHSA-2015:0727", "RHSA-2015:0864", "RHSA-2015:0751", "RHSA-2015:0870"], "type": "redhat"}, {"idList": ["SECURITYVULNS:VULN:13781", "SECURITYVULNS:DOC:30741", "SECURITYVULNS:DOC:32205"], "type": "securityvulns"}]}, "score": {"modified": "2020-01-01T01:01:36", "value": 5.6, "vector": "NONE"}}, "hash": "095672d4700208b286d018e865e92576d80ec18639f4ff2b8f58e48d3600e60b", "hashmap": [{"hash": "72bd494c211104aacb24b72cd290fad6", "key": "href"}, {"hash": "2249940a684898a70237266de5d6dd6c", "key": "modified"}, {"hash": "4cfa4655130c014a5a9ffdaaefcdaae1", "key": "pluginID"}, {"hash": "3ad0fa7d4ba83cd1dbb090c2d302dc8e", "key": "description"}, {"hash": "8a1af0b2cbbb4009e799126c72f14c3e", "key": "cpe"}, {"hash": "f82feb6b55f329a4801a7908bc18a9d6", "key": "reporter"}, {"hash": "85d86af2cc2e937b9f262f39a8eded59", "key": "published"}, {"hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d", "key": "cvss"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "39c11f10a3f14ebe12e8bc70b7b4414a", "key": "title"}, {"hash": "61928ca1263dcc2dbaa436d8faa75fc8", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c29c4d50f6a057f9b0ba47166616e0dd", "key": "cvelist"}, {"hash": "c472db5bc322d3fe47a32c5e6110ee1f", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/83449", "id": "ORACLELINUX_ELSA-2015-3036.NASL", "lastseen": "2020-01-01T01:01:36", "modified": "2020-01-02T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "83449", "published": "2015-05-14T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-May/005077.html", "https://oss.oracle.com/pipermail/el-errata/2015-May/005076.html"], "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3036.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83449);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2019/09/27 13:00:36\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-9584\", \"CVE-2015-1421\", \"CVE-2015-2150\", \"CVE-2015-3331\");\n script_bugtraq_id(71883, 72356, 73014, 73060, 74235);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.250.2.el6uek]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) \n[Orabug: 21077389] {CVE-2015-3331}\n\n[2.6.39-400.250.1.el6uek]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad \nRzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) \n [Orabug: 20727114] - Revert 'qla2xxx: Ramp down queue depth for \nattached SCSI devices when driver resources are low.' (Chad Dupuis) \n[Orabug: 20657415] - x86/xen: allow privcmd hypercalls to be preempted \n(David Vrabel) [Orabug: 20618759] - sched: Expose \npreempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] - isofs: \nFix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] \n{CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005077.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-9584\", \"CVE-2015-1421\", \"CVE-2015-2150\", \"CVE-2015-3331\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3036\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-400.250.2.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.250.2.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)", "type": "nessus", "viewCount": 18}, "differentElements": ["modified"], "edition": 10, "lastseen": "2020-01-01T01:01:36"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "cvelist": ["CVE-2014-3215", "CVE-2015-3331", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-9584", "CVE-2015-2150"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Description of changes:\n\n[2.6.39-400.250.2.el6uek]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077389] {CVE-2015-3331}\n\n[2.6.39-400.250.1.el6uek]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad Rzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) [Orabug: 20727114] - Revert 'qla2xxx: Ramp down queue depth for attached SCSI devices when driver resources are low.' (Chad Dupuis) [Orabug: 20657415] - x86/xen: allow privcmd hypercalls to be preempted (David Vrabel) [Orabug: 20618759] - sched: Expose preempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] - isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n- xen-pciback: limit guest control of command register (Jan Beulich) [Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "42bc278ec1b2a72d3079ee6f5c157ebce7802fc8361cb7cf8d1cba17c5cafb61", "hashmap": [{"hash": "aa95097b7e708a086412808360cac738", "key": "sourceData"}, {"hash": "0f0622ad634834baac213feaffe54072", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "4cfa4655130c014a5a9ffdaaefcdaae1", "key": "pluginID"}, {"hash": "8a1af0b2cbbb4009e799126c72f14c3e", "key": "cpe"}, {"hash": "85d86af2cc2e937b9f262f39a8eded59", "key": "published"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "39c11f10a3f14ebe12e8bc70b7b4414a", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be3ffe9319ca8bf2f8c339435e78948f", "key": "modified"}, {"hash": "c29c4d50f6a057f9b0ba47166616e0dd", "key": "cvelist"}, {"hash": "c472db5bc322d3fe47a32c5e6110ee1f", "key": "references"}, {"hash": "4f87df1244c3ad13db7859037da1c9b2", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=83449", "id": "ORACLELINUX_ELSA-2015-3036.NASL", "lastseen": "2017-10-29T13:40:03", "modified": "2015-12-01T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "83449", "published": "2015-05-14T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-May/005077.html", "https://oss.oracle.com/pipermail/el-errata/2015-May/005076.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3036.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83449);\n script_version(\"$Revision: 2.8 $\");\n script_cvs_date(\"$Date: 2015/12/01 17:43:32 $\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-9584\", \"CVE-2015-1421\", \"CVE-2015-2150\", \"CVE-2015-3331\");\n script_bugtraq_id(71883, 72356, 73014, 73060, 74235);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.250.2.el6uek]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) \n[Orabug: 21077389] {CVE-2015-3331}\n\n[2.6.39-400.250.1.el6uek]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad \nRzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) \n [Orabug: 20727114] - Revert 'qla2xxx: Ramp down queue depth for \nattached SCSI devices when driver resources are low.' (Chad Dupuis) \n[Orabug: 20657415] - x86/xen: allow privcmd hypercalls to be preempted \n(David Vrabel) [Orabug: 20618759] - sched: Expose \npreempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] - isofs: \nFix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] \n{CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005077.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-400.250.2.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.250.2.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)", "type": "nessus", "viewCount": 18}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:40:03"}], "edition": 11, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "8a1af0b2cbbb4009e799126c72f14c3e"}, {"key": "cvelist", "hash": "c29c4d50f6a057f9b0ba47166616e0dd"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "description", "hash": "3ad0fa7d4ba83cd1dbb090c2d302dc8e"}, {"key": "href", "hash": "72bd494c211104aacb24b72cd290fad6"}, {"key": "modified", "hash": "248ddfee5cc8aa2c1a4fce14baf1e1b1"}, {"key": "naslFamily", "hash": "e31ed89ab0cbb68ce2c40f17ec1e5483"}, {"key": "pluginID", "hash": "4cfa4655130c014a5a9ffdaaefcdaae1"}, {"key": "published", "hash": "85d86af2cc2e937b9f262f39a8eded59"}, {"key": "references", "hash": "c472db5bc322d3fe47a32c5e6110ee1f"}, {"key": "reporter", "hash": "f82feb6b55f329a4801a7908bc18a9d6"}, {"key": "sourceData", "hash": "61928ca1263dcc2dbaa436d8faa75fc8"}, {"key": "title", "hash": "39c11f10a3f14ebe12e8bc70b7b4414a"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "158c1539de0036164cc8d22cd0f74be6ac16c27962e2001dfc3cdf9050ed08b5", "viewCount": 18, "enchantments": {"dependencies": {"references": [{"type": "oraclelinux", "idList": ["ELSA-2015-3036", "ELSA-2015-3020", "ELSA-2015-3019", "ELSA-2015-3035", "ELSA-2015-3034", "ELSA-2015-0987", "ELSA-2015-3033", "ELSA-2015-0726", "ELSA-2015-3032", "ELSA-2015-0864"]}, {"type": "cve", "idList": ["CVE-2014-9584", "CVE-2014-8159", "CVE-2015-3331", "CVE-2015-2150", "CVE-2014-3215", "CVE-2015-1421"]}, {"type": "f5", "idList": ["F5:K17245", "SOL17245", "F5:K17541", "F5:K16819", "SOL16819", "SOL16596", "SOL17541", "F5:K17242", "SOL17242", "SOL16478"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2015-3019.NASL", "ORACLELINUX_ELSA-2015-3020.NASL", "ORACLEVM_OVMSA-2015-0060.NASL", "ORACLELINUX_ELSA-2015-3035.NASL", "ORACLELINUX_ELSA-2015-3033.NASL", "ORACLELINUX_ELSA-2015-3034.NASL", "REDHAT-RHSA-2015-0751.NASL", "CENTOS_RHSA-2015-0726.NASL", "REDHAT-RHSA-2015-0727.NASL", "FEDORA_2015-4066.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123144", "OPENVAS:1361412562310123143", "OPENVAS:1361412562310105356", "OPENVAS:1361412562310869595", "OPENVAS:1361412562310123126", "OPENVAS:1361412562310123125", "OPENVAS:1361412562310123149", "OPENVAS:1361412562310871343", "OPENVAS:1361412562310882145", "OPENVAS:1361412562310123114"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:E6A4F4CA4992F74F2F0295F1E7A9A5D0"]}, {"type": "redhat", "idList": ["RHSA-2015:0751", "RHSA-2015:0726", "RHSA-2015:0727", "RHSA-2015:0864", "RHSA-2015:0870"]}, {"type": "centos", "idList": ["CESA-2015:0726", "CESA-2015:0864"]}, {"type": "ubuntu", "idList": ["USN-2614-1", "USN-2613-1", "USN-2632-1", "USN-2631-1", "USN-2528-1", "USN-2529-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32205"]}, {"type": "amazon", "idList": ["ALAS-2015-543"]}], "modified": "2020-02-01T01:31:39"}, "score": {"value": 5.7, "vector": "NONE", "modified": "2020-02-01T01:31:39"}, "vulnersScore": 5.7}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3036.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83449);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2019/09/27 13:00:36\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-9584\", \"CVE-2015-1421\", \"CVE-2015-2150\", \"CVE-2015-3331\");\n script_bugtraq_id(71883, 72356, 73014, 73060, 74235);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.250.2.el6uek]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) \n[Orabug: 21077389] {CVE-2015-3331}\n\n[2.6.39-400.250.1.el6uek]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad \nRzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) \n [Orabug: 20727114] - Revert 'qla2xxx: Ramp down queue depth for \nattached SCSI devices when driver resources are low.' (Chad Dupuis) \n[Orabug: 20657415] - x86/xen: allow privcmd hypercalls to be preempted \n(David Vrabel) [Orabug: 20618759] - sched: Expose \npreempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] - isofs: \nFix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] \n{CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005077.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-9584\", \"CVE-2015-1421\", \"CVE-2015-2150\", \"CVE-2015-3331\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3036\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.39-400.250.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-400.250.2.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.250.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.250.2.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "pluginID": "83449", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "scheme": null}

{"oraclelinux": [{"lastseen": "2019-05-29T18:38:17", "bulletinFamily": "unix", "description": "[2.6.39-400.250.2]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077389] {CVE-2015-3331}\n[2.6.39-400.250.1]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad Rzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) [Orabug: 20727114] \n- Revert 'qla2xxx: Ramp down queue depth for attached SCSI devices when driver resources are low.' (Chad Dupuis) [Orabug: 20657415] \n- x86/xen: allow privcmd hypercalls to be preempted (David Vrabel) [Orabug: 20618759] \n- sched: Expose preempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] \n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n- xen-pciback: limit guest control of command register (Jan Beulich) [Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}", "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "ELSA-2015-3036", "href": "http://linux.oracle.com/errata/ELSA-2015-3036.html", "title": "Unbreakable Enterprise kernel security and bugfix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:45", "bulletinFamily": "unix", "description": "[2.6.39-400.249.3]\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n[2.6.39-400.249.2]\n- xen-pciback: limit guest control of command register (Jan Beulich) [Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}", "modified": "2015-03-31T00:00:00", "published": "2015-03-31T00:00:00", "id": "ELSA-2015-3020", "href": "http://linux.oracle.com/errata/ELSA-2015-3020.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:12", "bulletinFamily": "unix", "description": "kernel-uek\n[3.8.13-68.1.2]\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} {CVE-2014-8159}\n[3.8.13-68.1.1]\n- xen-pciback: limit guest control of command register (Jan Beulich) [Orabug: 20697017] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [Orabug: 20780347] {CVE-2015-1421}", "modified": "2015-03-31T00:00:00", "published": "2015-03-31T00:00:00", "id": "ELSA-2015-3019", "href": "http://linux.oracle.com/errata/ELSA-2015-3019.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:33", "bulletinFamily": "unix", "description": "kernel-uek\n[3.8.13-68.2.2]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077385] {CVE-2015-3331}\n[3.8.13-68.2.1]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad Rzeszutek Wilk) [Orabug: 20807438] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) [Orabug: 20860817] \n- Doc/cpu-hotplug: Specify race-free way to register CPU hotplug callbacks (Srivatsa S. Bhat) [Orabug: 20917697] \n- net/iucv/iucv.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- net/core/flow.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- mm, vmstat: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- profile: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- trace, ring-buffer: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- hwmon, via-cputemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- hwmon, coretemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- octeon, watchdog: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- oprofile, nmi-timer: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- intel-idle: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- drivers/base/topology.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- acpi-cpufreq: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- scsi, fcoe: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- scsi, bnx2fc: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- scsi, bnx2i: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- arm64, debug-monitors: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- arm64, hw_breakpoint.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, kvm: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, oprofile, nmi: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, pci, amd-bus: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, hpet: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, intel, cacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, amd, ibs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, therm_throt.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, mce: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, intel, uncore: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, vsyscall: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, cpuid: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, msr: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- powerpc, sysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- sparc, sysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- s390, smp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- s390, cacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- arm, hw-breakpoint: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- ia64, err-inject: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- ia64, topology: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- ia64, palinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- CPU hotplug, perf: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- CPU hotplug: Provide lockless versions of callback registration functions (Srivatsa S. Bhat) [Orabug: 20917697] \n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930551] {CVE-2014-9584}\n- KEYS: close race between key lookup and freeing (Sasha Levin) [Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529}\n- mm: memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- fs: buffer: move allocation failure loop into the allocator (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- x86: finish user fault error path with fatal signal (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- arch: mm: pass userspace fault flag to generic fault handler (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} {CVE-2014-8159}", "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "ELSA-2015-3035", "href": "http://linux.oracle.com/errata/ELSA-2015-3035.html", "title": "Unbreakable Enterprise kernel security and bugfix update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:16", "bulletinFamily": "unix", "description": "[3.10.0-229.4.2]\n- Oracle Linux certificates (Alexey Petrenko)\n[3.10.0-229.4.2]\n- [x86] crypto: aesni - fix memory usage in GCM decryption (Kurt Stutsman) [1213331 1212178] {CVE-2015-3331}\n[3.10.0-229.4.1]\n- [crypto] x86: sha256_ssse3 - also test for BMI2 (Herbert Xu) [1211484 1201563]\n- [crypto] testmgr: fix RNG return code enforcement (Herbert Xu) [1211487 1198978]\n- [crypto] rng: RNGs must return 0 in success case (Herbert Xu) [1211487 1198978]\n- [crypto] x86: sha1 - reduce size of the AVX2 asm implementation (Herbert Xu) [1211291 1177968]\n- [crypto] x86: sha1 - fix stack alignment of AVX2 variant (Herbert Xu) [1211291 1177968]\n- [crypto] x86: sha1 - re-enable the AVX variant (Herbert Xu) [1211291 1177968]\n- [crypto] sha: SHA1 transform x86_64 AVX2 (Herbert Xu) [1211291 1177968]\n- [crypto] sha-mb: sha1_mb_alg_state can be static (Herbert Xu) [1211290 1173756]\n- [crypto] mcryptd: mcryptd_flist can be static (Herbert Xu) [1211290 1173756]\n- [crypto] sha-mb: SHA1 multibuffer job manager and glue code (Herbert Xu) [1211290 1173756]\n- [crypto] sha-mb: SHA1 multibuffer crypto computation (x8 AVX2) (Herbert Xu) [1211290 1173756]\n- [crypto] sha-mb: SHA1 multibuffer submit and flush routines for AVX2 (Herbert Xu) [1211290 1173756]\n- [crypto] sha-mb: SHA1 multibuffer algorithm data structures (Herbert Xu) [1211290 1173756]\n- [crypto] sha-mb: multibuffer crypto infrastructure (Herbert Xu) [1211290 1173756]\n- [kernel] sched: Add function single_task_running to let a task check if it is the only task running on a cpu (Herbert Xu) [1211290 1173756]\n- [crypto] ahash: initialize entry len for null input in crypto hash sg list walk (Herbert Xu) [1211290 1173756]\n- [crypto] ahash: Add real ahash walk interface (Herbert Xu) [1211290 1173756]\n- [char] random: account for entropy loss due to overwrites (Herbert Xu) [1211288 1110044]\n- [char] random: allow fractional bits to be tracked (Herbert Xu) [1211288 1110044]\n- [char] random: statically compute poolbitshift, poolbytes, poolbits (Herbert Xu) [1211288 1110044]\n[3.10.0-229.3.1]\n- [netdrv] mlx4_en: tx_info->ts_requested was not cleared (Doug Ledford) [1209240 1178070]\n[3.10.0-229.2.1]\n- [char] tpm: Added Little Endian support to vtpm module (Steve Best) [1207051 1189017]\n- [powerpc] pseries: Fix endian problems with LE migration (Steve Best) [1207050 1183198]\n- [iommu] vt-d: Work around broken RMRR firmware entries (Myron Stowe) [1205303 1195802]\n- [iommu] vt-d: Store bus information in RMRR PCI device path (Myron Stowe) [1205303 1195802]\n- [s390] zcrypt: enable s390 hwrng to seed kernel entropy (Hendrik Brueckner) [1205300 1196398]\n- [s390] zcrypt: improve device probing for zcrypt adapter cards (Hendrik Brueckner) [1205300 1196398]\n- [net] team: fix possible null pointer dereference in team_handle_frame (Jiri Pirko) [1202359 1188496]\n- [fs] fsnotify: fix handling of renames in audit (Paul Moore) [1202358 1191562]\n- [net] openvswitch: Fix net exit (Jiri Benc) [1202357 1200859]\n- [fs] gfs2: Move gfs2_file_splice_write outside of #ifdef (Robert S Peterson) [1201256 1193910]\n- [fs] gfs2: Allocate reservation during splice_write (Robert S Peterson) [1201256 1193910]\n- [crypto] aesni: fix 'by8' variant for 128 bit keys (Herbert Xu) [1201254 1174971]\n- [crypto] aesni: remove unused defines in 'by8' variant (Herbert Xu) [1201254 1174971]\n- [crypto] aesni: fix counter overflow handling in 'by8' variant (Herbert Xu) [1201254 1174971]\n- [crypto] aes: AES CTR x86_64 'by8' AVX optimization (Herbert Xu) [1201254 1174971]\n- [kernel] audit: restore AUDIT_LOGINUID unset ABI (Richard Guy Briggs) [1197748 1120491]\n- [kernel] audit: replace getname()/putname() hacks with reference counters (Paul Moore) [1197746 1155208]\n- [kernel] audit: fix filename matching in __audit_inode() and __audit_inode_child() (Paul Moore) [1197746 1155208]\n- [kernel] audit: enable filename recording via getname_kernel() (Paul Moore) [1197746 1155208]\n- [fs] namei: simpler calling conventions for filename_mountpoint() (Paul Moore) [1197746 1155208]\n- [fs] namei: create proper filename objects using getname_kernel() (Paul Moore) [1197746 1155208]\n- [fs] namei: rework getname_kernel to handle up to PATH_MAX sized filenames (Paul Moore) [1197746 1155208]\n- [fs] namei: cut down the number of do_path_lookup() callers (Paul Moore) [1197746 1155208]\n- [fs] execve: use 'struct filename *' for executable name passing (Paul Moore) [1197746 1155208]\n- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181177 1179347] {CVE-2014-8159}", "modified": "2015-05-12T00:00:00", "published": "2015-05-12T00:00:00", "id": "ELSA-2015-0987", "href": "http://linux.oracle.com/errata/ELSA-2015-0987.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:11", "bulletinFamily": "unix", "description": "[2.6.39-400.249.4]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}", "modified": "2015-04-23T00:00:00", "published": "2015-04-23T00:00:00", "id": "ELSA-2015-3033", "href": "http://linux.oracle.com/errata/ELSA-2015-3033.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:34", "bulletinFamily": "unix", "description": "[3.10.0-229.1.2]\n- Oracle Linux certificates (Alexey Petrenko)\n[3.10.0-229.1.2]\n- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181177 1179347] {CVE-2014-8159}\n[3.10.0-229.1.1]\n- [crypto] testmgr: mark rfc4106(gcm(aes)) as fips_allowed (Jarod Wilson) [1197751 1185400]\n- [virt] storvsc: ring buffer failures may result in I/O freeze (Vitaly Kuznetsov) [1197749 1171409]\n- [md] dm-thin: don't allow messages to be sent to a pool target in READ_ONLY or FAIL mode (Mike Snitzer) [1197745 1184592]\n- [kernel] workqueue: fix subtle pool management issue which can stall whole worker_pool (Eric Sandeen) [1197744 1165535]\n- [platform] thinkpad_acpi: support new BIOS version string pattern (Benjamin Tissoires) [1197743 1194830]\n- [x86] ioapic: kcrash: Prevent crash_kexec() from deadlocking on ioapic_lock (Baoquan He) [1197742 1182424]\n- [net] sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [1196588 1183959] {CVE-2015-1421}", "modified": "2015-03-26T00:00:00", "published": "2015-03-26T00:00:00", "id": "ELSA-2015-0726", "href": "http://linux.oracle.com/errata/ELSA-2015-0726.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:11", "bulletinFamily": "unix", "description": "kernel-uek\n[2.6.32-400.37.4]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930553] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930519] {CVE-2014-3215}", "modified": "2015-04-23T00:00:00", "published": "2015-04-23T00:00:00", "id": "ELSA-2015-3034", "href": "http://linux.oracle.com/errata/ELSA-2015-3034.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:39", "bulletinFamily": "unix", "description": "[2.6.32-504.16.2]\n- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159}\n[2.6.32-504.16.1]\n- [fs] gfs2: Move gfs2_file_splice_write outside of #ifdef (Robert S Peterson) [1198329 1193559]\n- [security] keys: close race between key lookup and freeing (Radomir Vrbovsky) [1179849 1179850] {CVE-2014-9529}\n- [net] sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [1196587 1135425] {CVE-2015-1421}\n- [fs] gfs2: Allocate reservation during splice_write (Robert S Peterson) [1198329 1193559]\n- [fs] nfs: Be less aggressive about returning delegations for open files (Steve Dickson) [1196314 1145334]\n- [fs] nfs: Avoid PUTROOTFH when managing leases (Benjamin Coddington) [1196313 1143013]\n- [crypto] testmgr: mark rfc4106(gcm(aes)) as fips_allowed (Jarod Wilson) [1194983 1185395]\n- [crypto] Extending the RFC4106 AES-GCM test vectors (Jarod Wilson) [1194983 1185395]\n- [char] raw: Return short read or 0 at end of a raw device, not EIO (Jeff Moyer) [1195747 1142314]\n- [scsi] hpsa: Use local workqueues instead of system workqueues - part1 (Tomas Henzl) [1193639 1134115]\n- [x86] kvm: vmx: invalid host cr4 handling across vm entries (Jacob Tanenbaum) [1153326 1153327] {CVE-2014-3690}\n- [fs] isofs: Fix unchecked printing of ER records (Radomir Vrbovsky) [1180481 1180492] {CVE-2014-9584}\n- [fs] bio: fix argument of __bio_add_page() for max_sectors > 0xffff (Fam Zheng) [1198428 1166763]\n- [media] ttusb-dec: buffer overflow in ioctl (Alexander Gordeev) [1170971 1167115] {CVE-2014-8884}\n- [kernel] trace: insufficient syscall number validation in perf and ftrace subsystems (Jacob Tanenbaum) [1161567 1161568] {CVE-2014-7826 CVE-2014-7825}\n- [fs] nfs: Fix a delegation callback race (Dave Wysochanski) [1187639 1149831]\n- [fs] nfs: Don't use the delegation->inode in nfs_mark_return_delegation() (Dave Wysochanski) [1187639 1149831]\n- [infiniband] ipoib: don't queue a work struct up twice (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: make sure we reap all our ah on shutdown (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: cleanup a couple debug messages (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: flush the ipoib_workqueue on unregister (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: fix ipoib_mcast_restart_task (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: fix race between mcast_dev_flush and mcast_join (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: remove unneeded locks (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: don't restart our thread on ENETRESET (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: Handle -ENETRESET properly in our callback (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: make delayed tasks not hold up everything (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: Add a helper to restart the multicast task (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: fix IPOIB_MCAST_RUN flag usage (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: Remove unnecessary port query (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [x86] kvm: Avoid pagefault in kvm_lapic_sync_to_vapic (Paolo Bonzini) [1192055 1116398]\n- [s390] kernel: fix cpu target address of directed yield (Hendrik Brueckner) [1188339 1180061]\n- [mm] memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [fs] buffer: move allocation failure loop into the allocator (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [x86] mm: finish user fault error path with fatal signal (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] pass userspace fault flag to generic fault handler (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [s390] mm: do not invoke OOM killer on kernel fault OOM (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [powerpc] mm: remove obsolete init OOM protection (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [powerpc] mm: invoke oom-killer from remaining unconverted page fault handlers (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [security] selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215}\n- [security] Add PR_\n_NO_NEW_PRIVS to prevent execve from granting privs (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215}\n[2.6.32-504.15.1]\n- [netdrv] ixgbe: remove CIAA/D register reads from bad VF check (John Greene) [1196312 1156061]\n- [pci] Make FLR and AF FLR reset warning messages different (Myron Stowe) [1192365 1184540]\n- [pci] Fix unaligned access in AF transaction pending test (Myron Stowe) [1192365 1184540]\n- [pci] Merge multi-line quoted strings (Myron Stowe) [1192365 1184540]\n- [pci] Wrong register used to check pending traffic (Myron Stowe) [1192365 1184540]\n- [pci] Add pci_wait_for_pending() -- refactor pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540]\n- [pci] Use pci_wait_for_pending_transaction() instead of for loop (Myron Stowe) [1192365 1184540]\n- [pci] Add pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540]\n- [pci] Wait for pending transactions to complete before 82599 FLR (Myron Stowe) [1192365 1184540]\n- [scsi] storvsc: fix a bug in storvsc limits (Vitaly Kuznetsov) [1196532 1174168]\n[2.6.32-504.14.1]\n- [s390] crypto: kernel oops at insmod of the z90crypt device driver (Hendrik Brueckner) [1191916 1172137]\n- [sound] alsa: usb-audio: Fix crash at re-preparing the PCM stream (Jerry Snitselaar) [1192105 1167059]\n- [usb] ehci: bugfix: urb->hcpriv should not be NULL (Jerry Snitselaar) [1192105 1167059]\n- [mm] mmap: uncached vma support with writenotify (Jerry Snitselaar) [1192105 1167059]\n- [kernel] futex: Mention key referencing differences between shared and private futexes (Larry Woodman) [1192107 1167405]\n- [kernel] futex: Ensure get_futex_key_refs() always implies a barrier (Larry Woodman) [1192107 1167405]\n[2.6.32-504.13.1]\n- [netdrv] enic: fix rx skb checksum (Stefan Assmann) [1189068 1115505]\n- [scsi] Revert 'fix our current target reap infrastructure' (David Milburn) [1188941 1168072]\n- [scsi] Revert 'dual scan thread bug fix' (David Milburn) [1188941 1168072]\n- [net] tcp: do not copy headers in tcp_collapse() (Alexander Duyck) [1188838 1156289]\n- [net] tcp: use tcp_flags in tcp_data_queue() (Alexander Duyck) [1188838 1156289]\n- [net] tcp: use TCP_SKB_CB(skb)->tcp_flags in input path (Alexander Duyck) [1188838 1156289]\n- [net] tcp: remove unused tcp_fin() parameters (Alexander Duyck) [1188838 1156289]\n- [net] tcp: rename tcp_skb_cb flags (Alexander Duyck) [1188838 1156289]\n- [net] tcp: unify tcp flag macros (Alexander Duyck) [1188838 1156289]\n- [net] tcp: unalias tcp_skb_cb flags and ip_dsfield (Alexander Duyck) [1188838 1156289]", "modified": "2015-04-21T00:00:00", "published": "2015-04-21T00:00:00", "id": "ELSA-2015-0864", "href": "http://linux.oracle.com/errata/ELSA-2015-0864.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:05", "bulletinFamily": "unix", "description": "kernel-uek\n[3.8.13-68.1.3]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930551] {CVE-2014-9584}\n- KEYS: close race between key lookup and freeing (Sasha Levin) [Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529}\n- mm: memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- fs: buffer: move allocation failure loop into the allocator (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- x86: finish user fault error path with fatal signal (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- arch: mm: pass userspace fault flag to generic fault handler (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215}", "modified": "2015-04-23T00:00:00", "published": "2015-04-23T00:00:00", "id": "ELSA-2015-3032", "href": "http://linux.oracle.com/errata/ELSA-2015-3032.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2019-05-29T18:13:49", "bulletinFamily": "NVD", "description": "The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.", "modified": "2019-04-22T17:48:00", "id": "CVE-2014-8159", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8159", "published": "2015-03-16T10:59:00", "title": "CVE-2014-8159", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:13:50", "bulletinFamily": "NVD", "description": "The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.", "modified": "2018-01-05T02:29:00", "id": "CVE-2014-9584", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9584", "published": "2015-01-09T21:59:00", "title": "CVE-2014-9584", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:14:41", "bulletinFamily": "NVD", "description": "The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.", "modified": "2018-01-05T02:30:00", "id": "CVE-2015-3331", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3331", "published": "2015-05-27T10:59:00", "title": "CVE-2015-3331", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-15T21:51:55", "bulletinFamily": "NVD", "description": "Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.", "modified": "2018-10-30T16:26:00", "id": "CVE-2015-2150", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2150", "published": "2015-03-12T14:59:00", "title": "CVE-2015-2150", "type": "cve", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:13:45", "bulletinFamily": "NVD", "description": "seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.", "modified": "2019-01-03T17:08:00", "id": "CVE-2014-3215", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3215", "published": "2014-05-08T10:55:00", "title": "CVE-2014-3215", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:14:40", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "modified": "2018-01-05T02:29:00", "id": "CVE-2015-1421", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1421", "published": "2015-03-16T10:59:00", "title": "CVE-2015-1421", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2019-04-11T19:14:37", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 505678 (BIG-IP), ID 525389 (BIG-IQ), ID 525390 (Enterprise Manager), and INSTALLER-1299 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H17245 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.0| None| Low| Linux subsystem \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.0| None| Low| Linux subsystem \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.0| None| Low| Linux subsystem \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP DNS| 12.0.0| None| Low| Linux subsystem \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP GTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.0| None| Low| Linux subsystem \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| Linux subsystem \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| Linux subsystem \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| Linux subsystem \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| Linux subsystem \nBIG-IQ ADC| 4.5.0| None| Low| Linux subsystem \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Low| Linux subsystem \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, you should limit system access to only trusted users. \n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-04-06T19:19:00", "published": "2015-09-08T22:22:00", "id": "F5:K17245", "href": "https://support.f5.com/csp/article/K17245", "title": "Linux kernel vulnerability CVE-2014-9584", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-03-19T09:01:40", "bulletinFamily": "software", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should limit system access to only trusted users. \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-09-08T00:00:00", "published": "2015-09-08T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/200/sol17245.html", "id": "SOL17245", "title": "SOL17245 - Linux kernel vulnerability CVE-2014-9584", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-07-18T15:42:49", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None \n| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \n \nBIG-IP AAM | None | 12.0.0 \n11.4.0 - 11.6.0 \n| Not vulnerable | None \n \nBIG-IP AFM | None | 12.0.0 \n11.3.0 - 11.6.0 \n| Not vulnerable | None \n \nBIG-IP Analytics | None | 12.0.0 \n11.0.0 - 11.6.0 \n| Not vulnerable | None \n \nBIG-IP APM | None | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \n \nBIG-IP ASM | None | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP DNS | None \n| 12.0.0 \n| Not vulnerable | None \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \n \nBIG-IP GTM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \n \nBIG-IP Link Controller | None | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \n \nBIG-IP PEM | None | 12.0.0 \n11.3.0 - 11.6.0 \n| Not vulnerable \n| None \n \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP WebAccelerator | None \n| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \n \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nARX | None | 6.0.0 - 6.4.0 \n| Not vulnerable \n| None \n \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n| Not vulnerable | None \n \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 \n| Not vulnerable | None \n \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 \n| Not vulnerable | None \n \nBIG-IQ Device | None | 4.2.0 - 4.5.0 \n| Not vulnerable | None \n \nBIG-IQ Security | None | 4.0.0 - 4.5.0 \n| Not vulnerable \n| None \n \nBIG-IQ ADC | None | 4.5.0 \n| Not vulnerable | None \n \nLineRate | None | 2.5.0 - 2.6.1 \n| Not vulnerable | None \n \nF5 WebSafe | None | 1.0.0 \n| Not vulnerable | None \n \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable \n| None \n\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2018-02-06T01:03:00", "published": "2015-11-04T03:45:00", "id": "F5:K17541", "href": "https://support.f5.com/csp/article/K17541", "title": "Linux kernel vulnerability CVE-2015-2150", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2016-09-26T17:22:52", "bulletinFamily": "software", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2015-05-11T00:00:00", "published": "2015-05-11T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/500/sol16596.html", "id": "SOL16596", "title": "SOL16596 - Privilege escalation vulnerability CVE-2014-3215", "type": "f5", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:19", "bulletinFamily": "software", "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-11-03T00:00:00", "published": "2015-11-03T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/500/sol17541.html", "id": "SOL17541", "title": "SOL17541 - Linux kernel vulnerability CVE-2015-2150", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T02:11:15", "bulletinFamily": "software", "description": " \n\n\nThe __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. ([CVE-2015-3331](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3331>)) \n\n\nImpact \n\n\nThis vulnerability may allow attackers to cause a denial-of-service (buffer overflow and system crash) or possibly execute arbitrary code. \n\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K10322: FirePass hotfix matrix](<https://support.f5.com/csp/article/K10322>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "modified": "2016-01-09T02:23:00", "published": "2015-06-30T06:17:00", "id": "F5:K16819", "href": "https://support.f5.com/csp/article/K16819", "title": "Linux kernel vulnerability CVE-2015-3331", "type": "f5", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:10", "bulletinFamily": "software", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL10322: FirePass hotfix matrix\n * SOL12766: ARX hotfix matrix\n", "modified": "2015-06-29T00:00:00", "published": "2015-06-29T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16819.html", "id": "SOL16819", "title": "SOL16819 - Linux kernel vulnerability CVE-2015-3331", "type": "f5", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-04-16T04:21:22", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 520183 (BIG-IP), ID 525368 (BIG-IQ), ID 525369 (Enterprise Manager), and INSTALLER-1420 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H17242 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0| Severe*| SCTP kernel module \nBIG-IP AAM| 11.4.0 - 11.6.0| 12.0.0| Severe*| SCTP kernel module \nBIG-IP AFM| 11.3.0 - 11.6.0| 12.0.0| Severe*| SCTP kernel module \nBIG-IP Analytics| 11.0.0 - 11.6.0| 12.0.0| Severe*| SCTP kernel module \nBIG-IP APM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0| Severe*| SCTP kernel module \nBIG-IP ASM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0| Severe*| SCTP kernel module \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Severe*| SCTP kernel module \nBIG-IP GTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Severe*| SCTP kernel module \nBIG-IP Link Controller| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0| Severe*| SCTP kernel module \nBIG-IP PEM| 11.3.0 - 11.6.0| 12.0.0| Severe*| SCTP kernel module \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Severe*| SCTP kernel module \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Severe*| SCTP kernel module \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Severe*| SCTP kernel module \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Severe*| SCTP kernel module \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Severe*| SCTP kernel module \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Severe*| SCTP kernel module \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Severe*| SCTP kernel module \nBIG-IQ ADC| 4.5.0| None| Severe*| SCTP kernel module \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| High| SCTP FEP \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\n*The BIG-IP/BIG-IQ/Enterprise Manager software contains vulnerable code (SCTP kernel module), but the code is not enabled by default. Before a remote attacker can exploit this vulnerability, a locally authenticated administrative user must load the vulnerable SCTP kernel module, create a listener (such as self IP) on the control plane, and allow SCTP traffic on this listener. Because of the specific conditions required for exploit, F5 Product Development considers affected BIG-IP/BIG-IQ/Enterprise Manager systems as not vulnerable in a standard configuration and severely vulnerable if the described conditions are met.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nBIG-IP/BIG-IQ/Enterprise Manager\n\nIf you must load the vulnerable SCTP kernel module for your environment, F5 recommends that you block upstream traffic to the control plane of the affected systems. To mitigate this vulnerability for an affected system, you should permit access to the management interface, and/or the self IP that exposes SCTP listeners, over a secure network.\n\nTraffix SDC \n\nTo mitigate this vulnerability for an affected system, you should use iptables rules to limit SCTP access to trusted users only.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-04-06T19:15:00", "published": "2015-09-10T03:22:00", "id": "F5:K17242", "href": "https://support.f5.com/csp/article/K17242", "title": "Linux kernel SCTP vulnerability CVE-2015-1421", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-03-19T09:02:05", "bulletinFamily": "software", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\n*The BIG-IP/BIG-IQ/Enterprise Manager software contains vulnerable code (SCTP kernel module), but the code is not enabled by default. Before a remote attacker can exploit this vulnerability, a locally authenticated administrative user must load the vulnerable SCTP kernel module, create a listener (such as self IP) on the control plane, and allow SCTP traffic on this listener. Because of the specific conditions required for exploit, F5 Product Development considers affected BIG-IP/BIG-IQ/Enterprise Manager systems as not vulnerable in a standard configuration and severely vulnerable if the described conditions are met.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nBIG-IP/BIG-IQ/Enterprise Manager\n\nIf you must load the vulnerable SCTP kernel module for your environment, F5 recommends that you block upstream traffic to the control plane of the affected systems. To mitigate this vulnerability for an affected system, you should permit access to the management interface, and/or the self IP that exposes SCTP listeners, over a secure network.\n\nTraffix SDC \n\nTo mitigate this vulnerability for an affected system, you should use iptables rules to limit SCTP access to trusted users only.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-09-09T00:00:00", "published": "2015-09-09T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/200/sol17242.html", "id": "SOL17242", "title": "SOL17242 - Linux kernel SCTP vulnerability CVE-2015-1421", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:44", "bulletinFamily": "software", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-04-22T00:00:00", "published": "2015-04-22T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/400/sol16478.html", "id": "SOL16478", "title": "SOL16478 - Linux kernel vulnerabilities CVE-2014-8159 and CVE-2014-8369", "type": "f5", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2020-02-01T01:31:38", "bulletinFamily": "scanner", "description": "Description of changes:\n\nkernel-uek\n[3.8.13-68.1.2.el7uek]\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} {CVE-2014-8159}\n\n[3.8.13-68.1.1.el7uek]\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20697017] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) [Orabug: 20780347] {CVE-2015-1421}", "modified": "2020-02-02T00:00:00", "id": "ORACLELINUX_ELSA-2015-3019.NASL", "href": "https://www.tenable.com/plugins/nessus/82518", "published": "2015-04-02T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3019)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3019.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82518);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/27 13:00:36\");\n\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\", \"CVE-2015-2150\");\n script_bugtraq_id(72356, 73014, 73060);\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3019)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[3.8.13-68.1.2.el7uek]\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} {CVE-2014-8159}\n\n[3.8.13-68.1.1.el7uek]\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20697017] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) [Orabug: 20780347] {CVE-2015-1421}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/004975.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/004976.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.1.2.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.1.2.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8159\", \"CVE-2015-1421\", \"CVE-2015-2150\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3019\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.8\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-68.1.2.el6uek-0.4.3-4.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-68.1.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-68.1.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-68.1.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-68.1.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-68.1.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-68.1.2.el6uek\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-68.1.2.el7uek-0.4.3-4.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-68.1.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-68.1.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-68.1.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-68.1.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-68.1.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-68.1.2.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T01:31:38", "bulletinFamily": "scanner", "description": "Description of changes:\n\n[2.6.39-400.249.3.el6uek]\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n\n[2.6.39-400.249.2.el6uek]\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}", "modified": "2020-02-02T00:00:00", "id": "ORACLELINUX_ELSA-2015-3020.NASL", "href": "https://www.tenable.com/plugins/nessus/82490", "published": "2015-04-01T00:00:00", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3020)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3020.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82490);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/27 13:00:36\");\n\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\", \"CVE-2015-2150\");\n script_bugtraq_id(72356, 73014, 73060);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3020)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.249.3.el6uek]\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n\n[2.6.39-400.249.2.el6uek]\n- xen-pciback: limit guest control of command register (Jan Beulich) \n[Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions \n(Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004961.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004962.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8159\", \"CVE-2015-1421\", \"CVE-2015-2150\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3020\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-400.249.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-400.249.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-400.249.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-400.249.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.39-400.249.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-400.249.3.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.249.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.249.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.249.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.249.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.249.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.249.3.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T01:39:22", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - crypto: aesni\n\n - fix memory usage in GCM decryption (Stephan Mueller)\n [Orabug: 21077385] (CVE-2015-3331)\n\n - xen/pciback: Don", "modified": "2020-02-02T00:00:00", "id": "ORACLEVM_OVMSA-2015-0060.NASL", "href": "https://www.tenable.com/plugins/nessus/83485", "published": "2015-05-15T00:00:00", "title": "OracleVM 3.3 : kernel-uek (OVMSA-2015-0060)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0060.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83485);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2019/09/27 13:00:34\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-8171\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2015-2150\", \"CVE-2015-3331\");\n script_bugtraq_id(67341, 71880, 71883, 73014, 73060, 74235, 74293);\n\n script_name(english:\"OracleVM 3.3 : kernel-uek (OVMSA-2015-0060)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - crypto: aesni\n\n - fix memory usage in GCM decryption (Stephan Mueller)\n [Orabug: 21077385] (CVE-2015-3331)\n\n - xen/pciback: Don't disable PCI_COMMAND on PCI device\n reset. (Konrad Rzeszutek Wilk) [Orabug: 20807438]\n (CVE-2015-2150)\n\n - xen-blkfront: fix accounting of reqs when migrating\n (Roger Pau Monne) [Orabug: 20860817]\n\n - Doc/cpu-hotplug: Specify race-free way to register CPU\n hotplug callbacks (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - net/iucv/iucv.c: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - net/core/flow.c: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - mm, vmstat: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697] \n\n - profile: Fix CPU hotplug callback registration (Srivatsa\n S. Bhat) \n\n - trace, ring-buffer: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - hwmon, via-cputemp: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) \n\n - hwmon, coretemp: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - octeon, watchdog: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - oprofile, nmi-timer: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - intel-idle: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - drivers/base/topology.c: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - acpi-cpufreq: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - scsi, fcoe: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697] \n\n - scsi, bnx2fc: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - scsi, bnx2i: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - arm64, debug-monitors: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - arm64, hw_breakpoint.c: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, kvm: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, oprofile, nmi: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, pci, amd-bus: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, hpet: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, intel, cacheinfo: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, amd, ibs: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, therm_throt.c: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, mce: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, intel, uncore: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, vsyscall: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, cpuid: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - x86, msr: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - powerpc, sysfs: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) \n\n - sparc, sysfs: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - s390, smp: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - s390, cacheinfo: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) \n\n - arm, hw-breakpoint: Fix CPU hotplug callback\n registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - ia64, err-inject: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - ia64, topology: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - ia64, palinfo: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - CPU hotplug, perf: Fix CPU hotplug callback registration\n (Srivatsa S. Bhat) [Orabug: 20917697]\n\n - CPU hotplug: Provide lockless versions of callback\n registration functions (Srivatsa S. Bhat) [Orabug:\n 20917697]\n\n - isofs: Fix unchecked printing of ER records (Jan Kara)\n [Orabug: 20930551] (CVE-2014-9584)\n\n - KEYS: close race between key lookup and freeing (Sasha\n Levin) [Orabug: 20930548] (CVE-2014-9529)\n (CVE-2014-9529)\n\n - mm: memcg: do not allow task about to OOM kill to bypass\n the limit (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: do not declare OOM from __GFP_NOFAIL\n allocations (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - fs: buffer: move allocation failure loop into the\n allocator (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: handle non-error OOM situations more\n gracefully (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: do not trap chargers with full callstack on\n OOM (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: rework and document OOM waiting and wakeup\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: enable memcg OOM killer only for user faults\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - x86: finish user fault error path with fatal signal\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - arch: mm: pass userspace fault flag to generic fault\n handler (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - selinux: Permit bounded transitions under NO_NEW_PRIVS\n or NOSUID. (Stephen Smalley) [Orabug: 20930501]\n (CVE-2014-3215)\n\n - IB/core: Prevent integer overflow in ib_umem_get address\n arithmetic (Shachar Raindel) [Orabug: 20799875]\n (CVE-2014-8159) (CVE-2014-8159)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2015-May/000311.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-68.2.2.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-68.2.2.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T01:31:39", "bulletinFamily": "scanner", "description": "Description of changes:\n\nkernel-uek\n[3.8.13-68.2.2.el7uek]\n\n* crypto: aesni\n\n* fix memory usage in GCM decryption (Stephan Mueller) \n[Orabug: 21077385] {CVE-2015-3331}\n\n[3.8.13-68.2.1.el7uek]\n\n* xen/pciback: Don", "modified": "2020-02-02T00:00:00", "id": "ORACLELINUX_ELSA-2015-3035.NASL", "href": "https://www.tenable.com/plugins/nessus/83448", "published": "2015-05-14T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3035)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3035.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83448);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/09/27 13:00:36\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-8171\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2015-2150\", \"CVE-2015-3331\");\n script_bugtraq_id(67341, 71880, 71883, 73014, 73060, 74235, 74293);\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3035)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[3.8.13-68.2.2.el7uek]\n\n* crypto: aesni\n\n* fix memory usage in GCM decryption (Stephan Mueller) \n[Orabug: 21077385] {CVE-2015-3331}\n\n[3.8.13-68.2.1.el7uek]\n\n* xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad \nRzeszutek Wilk) [Orabug: 20807438] {CVE-2015-2150}\n\n* xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) \n [Orabug: 20860817]\n\n* Doc/cpu-hotplug: Specify race-free way to \nregister CPU hotplug callbacks (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \nnet/iucv/iucv.c: Fix CPU hotplug callback registration (Srivatsa S. \nBhat) [Orabug: 20917697]\n\n* net/core/flow.c: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* mm, vmstat: Fix \nCPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n\n* profile: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n[Orabug: 20917697]\n\n* trace, ring-buffer: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* hwmon, \nvia-cputemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n[Orabug: 20917697]\n\n* hwmon, coretemp: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* octeon, watchdog: \nFix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: \n20917697]\n\n* oprofile, nmi-timer: Fix CPU hotplug callback registration \n(Srivatsa S. Bhat) [Orabug: 20917697]\n\n* intel-idle: Fix CPU hotplug \ncallback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \ndrivers/base/topology.c: Fix CPU hotplug callback registration (Srivatsa \nS. Bhat) [Orabug: 20917697]\n\n* acpi-cpufreq: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* scsi, fcoe: Fix \nCPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n\n* scsi, bnx2fc: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n [Orabug: 20917697]\n\n* scsi, bnx2i: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* arm64, \ndebug-monitors: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n [Orabug: 20917697]\n\n* arm64, hw_breakpoint.c: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* x86, kvm: Fix CPU \nhotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \nx86, oprofile, nmi: Fix CPU hotplug callback registration (Srivatsa S. \nBhat) [Orabug: 20917697]\n\n* x86, pci, amd-bus: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* x86, hpet: Fix CPU \nhotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \nx86, intel, cacheinfo: Fix CPU hotplug callback registration (Srivatsa \nS. Bhat) [Orabug: 20917697]\n\n* x86, amd, ibs: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* x86, \ntherm_throt.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n [Orabug: 20917697]\n\n* x86, mce: Fix CPU hotplug callback registration \n(Srivatsa S. Bhat) [Orabug: 20917697]\n\n* x86, intel, uncore: Fix CPU \nhotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \nx86, vsyscall: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n [Orabug: 20917697]\n\n* x86, cpuid: Fix CPU hotplug callback registration \n(Srivatsa S. Bhat) [Orabug: 20917697]\n\n* x86, msr: Fix CPU hotplug \ncallback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* powerpc, \nsysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n[Orabug: 20917697]\n\n* sparc, sysfs: Fix CPU hotplug callback registration \n(Srivatsa S. Bhat) [Orabug: 20917697]\n\n* s390, smp: Fix CPU hotplug \ncallback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* s390, \ncacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n[Orabug: 20917697]\n\n* arm, hw-breakpoint: Fix CPU hotplug callback \nregistration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* ia64, err-inject: \nFix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: \n20917697]\n\n* ia64, topology: Fix CPU hotplug callback registration \n(Srivatsa S. Bhat) [Orabug: 20917697]\n\n* ia64, palinfo: Fix CPU hotplug \ncallback registration (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* CPU \nhotplug, perf: Fix CPU hotplug callback registration (Srivatsa S. Bhat) \n [Orabug: 20917697]\n\n* CPU hotplug: Provide lockless versions of \ncallback registration functions (Srivatsa S. Bhat) [Orabug: 20917697]\n\n* \nisofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: \n20930551] {CVE-2014-9584}\n\n* KEYS: close race between key lookup and freeing (Sasha Levin) \n[Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529}\n\n* mm: memcg: do not allow task about to OOM kill to bypass the limit \n(Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* fs: buffer: move allocation failure loop into the allocator (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* mm: memcg: handle non-error OOM situations more gracefully (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* mm: memcg: do not trap chargers with full callstack on OOM (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* mm: memcg: rework and document OOM waiting and wakeup (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* mm: memcg: enable memcg OOM killer only for user faults (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* x86: finish user fault error path with fatal signal (Johannes Weiner) \n [Orabug: 20930539] {CVE-2014-8171}\n\n* arch: mm: pass userspace fault flag to generic fault handler (Johannes \nWeiner) [Orabug: 20930539] {CVE-2014-8171}\n\n* selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215}\n\n* IB/core: Prevent integer overflow in ib_umem_get address arithmetic \n(Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} {CVE-2014-8159}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005070.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.2.2.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.2.2.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-8171\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2015-2150\", \"CVE-2015-3331\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3035\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.8\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-68.2.2.el6uek-0.4.3-4.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-68.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-68.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-68.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-68.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-68.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-68.2.2.el6uek\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-68.2.2.el7uek-0.4.3-4.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-68.2.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-68.2.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-68.2.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-68.2.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-68.2.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-68.2.2.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T01:31:39", "bulletinFamily": "scanner", "description": "Description of changes:\n\n[2.6.39-400.249.4.el6uek]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: \n20930552] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}", "modified": "2020-02-02T00:00:00", "id": "ORACLELINUX_ELSA-2015-3033.NASL", "href": "https://www.tenable.com/plugins/nessus/83046", "published": "2015-04-24T00:00:00", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3033)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3033.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83046);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2019/09/27 13:00:36\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-9584\");\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3033)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.249.4.el6uek]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: \n20930552] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/005018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/005019.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3215\", \"CVE-2014-9584\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3033\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-400.249.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-400.249.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-400.249.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-400.249.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.39-400.249.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-400.249.4.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.249.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.249.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.249.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.249.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.249.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.249.4.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T01:31:39", "bulletinFamily": "scanner", "description": "Description of changes:\n\nkernel-uek\n[2.6.32-400.37.4.el6uek]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: \n20930553] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930519] {CVE-2014-3215}", "modified": "2020-02-02T00:00:00", "id": "ORACLELINUX_ELSA-2015-3034.NASL", "href": "https://www.tenable.com/plugins/nessus/83047", "published": "2015-04-24T00:00:00", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3034)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3034.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83047);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2019/09/27 13:00:36\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-9584\");\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3034)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[2.6.32-400.37.4.el6uek]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: \n20930553] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930519] {CVE-2014-3215}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/005020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/005021.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.4.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.4.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.4.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.4.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.4.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.4.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.4.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.4.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3215\", \"CVE-2014-9584\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3034\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mlnx_en-2.6.32-400.37.4.el5uek-1.5.7-2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mlnx_en-2.6.32-400.37.4.el5uekdebug-1.5.7-2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ofa-2.6.32-400.37.4.el5uek-1.5.1-4.0.58\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ofa-2.6.32-400.37.4.el5uekdebug-1.5.1-4.0.58\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mlnx_en-2.6.32-400.37.4.el6uek-1.5.7-0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mlnx_en-2.6.32-400.37.4.el6uekdebug-1.5.7-0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ofa-2.6.32-400.37.4.el6uek-1.5.1-4.0.58\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ofa-2.6.32-400.37.4.el6uekdebug-1.5.1-4.0.58\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T01:43:18", "bulletinFamily": "scanner", "description": "Updated kernel-rt packages that fix two security issues and several\nbugs are now available for Red Hat Enterprise MRG 2.5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel", "modified": "2020-02-02T00:00:00", "id": "REDHAT-RHSA-2015-0751.NASL", "href": "https://www.tenable.com/plugins/nessus/82467", "published": "2015-03-31T00:00:00", "title": "RHEL 6 : MRG (RHSA-2015:0751)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0751. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82467);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\");\n script_xref(name:\"RHSA\", value:\"2015:0751\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2015:0751)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel-rt packages that fix two security issues and several\nbugs are now available for Red Hat Enterprise MRG 2.5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions\nfrom user space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system\nor, potentially, escalate their privileges on the system.\n(CVE-2014-8159, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during\nINIT collisions. A remote attacker could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2015-1421, Important)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159\nissue. The CVE-2015-1421 issue was discovered by Sun Baoliang of Red\nHat.\n\nThe MRG-Realtime 3.10 kernel-rt sources have been updated to include\nthe following bug fixes :\n\n* The kdump service could become unresponsive due to a deadlock in the\nkernel call ioapic_lock.\n\n* Attempt to make metadata changes such as creating a thin device or\nsnapshot thin device did not error out cleanly.\n\n(BZ#1201384)\n\nThis update also fixes the following bug :\n\n* The MRG kernel scheduler code was missing checks for the\nPREEMPT_LAZY flag allowing tasks to be preempted more times than\nnecessary causing latency spikes on the system. Additional checks for\nthe PREEMPT_LAZY flag were added to the check_preempt_wakeup() and\ncheck_preempt_curr() functions in the scheduler code so that preempt\nwakeups were reduced and these latency spikes were removed.\n(BZ#1157949)\n\nAll kernel-rt users are advised to upgrade to these updated packages,\nwhich correct these issues. The system must be rebooted for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1421\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8159\", \"CVE-2015-1421\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2015:0751\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0751\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-229.rt56.147.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-229.rt56.147.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-229.rt56.147.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-229.rt56.147.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-229.rt56.147.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-229.rt56.147.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-229.rt56.147.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.10.0-229.rt56.147.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-firmware-3.10.0-229.rt56.147.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-229.rt56.147.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-229.rt56.147.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-229.rt56.147.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.10.0-229.rt56.147.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.10.0-229.rt56.147.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.10.0-229.rt56.147.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T01:43:18", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel", "modified": "2020-02-02T00:00:00", "id": "REDHAT-RHSA-2015-0726.NASL", "href": "https://www.tenable.com/plugins/nessus/82290", "published": "2015-03-27T00:00:00", "title": "RHEL 7 : kernel (RHSA-2015:0726)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0726. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82290);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\");\n script_xref(name:\"RHSA\", value:\"2015:0726\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2015:0726)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions\nfrom user space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system\nor, potentially, escalate their privileges on the system.\n(CVE-2014-8159, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during\nINIT collisions. A remote attacker could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2015-1421, Important)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159\nissue. The CVE-2015-1421 issue was discovered by Sun Baoliang of Red\nHat.\n\nThis update also fixes the following bugs :\n\n* In certain systems with multiple CPUs, when a crash was triggered on\none CPU with an interrupt handler and this CPU sent Non-Maskable\nInterrupt (NMI) to another CPU, and, at the same time, ioapic_lock had\nalready been acquired, a deadlock occurred in ioapic_lock. As a\nconsequence, the kdump service could become unresponsive. This bug has\nbeen fixed and kdump now works as expected. (BZ#1197742)\n\n* On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the\nthinkpad_acpi module was not properly loaded, and thus the function\nkeys and radio switches did not work. This update applies a new string\npattern of BIOS version, which fixes this bug, and function keys and\nradio switches now work as intended. (BZ#1197743)\n\n* During a heavy file system load involving many worker threads, all\nworker threads in the pool became blocked on a resource, and no\nmanager thread existed to create more workers. As a consequence, the\nrunning processes became unresponsive. With this update, the logic\naround manager creation has been changed to assure that the last\nworker thread becomes a manager thread and does not start executing\nwork items. Now, a manager thread exists, spawns new workers as\nneeded, and processes no longer hang. (BZ#1197744)\n\n* If a thin-pool's metadata enters read-only or fail mode, for\nexample, due to thin-pool running out of metadata or data space, any\nattempt to make metadata changes such as creating a thin device or\nsnapshot thin device should error out cleanly. However, previously,\nthe kernel code returned verbose and alarming error messages to the\nuser. With this update, due to early trapping of attempt to make\nmetadata changes, informative errors are displayed, no longer\nunnecessarily alarming the user. (BZ#1197745)\n\n* When running Red Hat Enterprise Linux as a guest on Microsoft\nHyper-V hypervisor, the storvsc module did not return the correct\nerror code for the upper level Small Computer System Interface (SCSI)\nsubsystem. As a consequence, a SCSI command failed and storvsc did not\nhandle such a failure properly under some conditions, for example,\nwhen RAID devices were created on top of storvsc devices. An upstream\npatch has been applied to fix this bug, and storvsc now returns the\ncorrect error code in the described situation. (BZ#1197749)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1421\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8159\", \"CVE-2015-1421\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2015:0726\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0726\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-229.1.2.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T01:31:34", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2015:0726 :\n\nUpdated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel", "modified": "2020-02-02T00:00:00", "id": "ORACLELINUX_ELSA-2015-0726.NASL", "href": "https://www.tenable.com/plugins/nessus/82287", "published": "2015-03-27T00:00:00", "title": "Oracle Linux 7 : kernel (ELSA-2015-0726)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0726 and \n# Oracle Linux Security Advisory ELSA-2015-0726 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82287);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/09/27 13:00:36\");\n\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\");\n script_bugtraq_id(72356, 73060);\n script_xref(name:\"RHSA\", value:\"2015:0726\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2015-0726)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0726 :\n\nUpdated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions\nfrom user space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system\nor, potentially, escalate their privileges on the system.\n(CVE-2014-8159, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during\nINIT collisions. A remote attacker could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2015-1421, Important)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159\nissue. The CVE-2015-1421 issue was discovered by Sun Baoliang of Red\nHat.\n\nThis update also fixes the following bugs :\n\n* In certain systems with multiple CPUs, when a crash was triggered on\none CPU with an interrupt handler and this CPU sent Non-Maskable\nInterrupt (NMI) to another CPU, and, at the same time, ioapic_lock had\nalready been acquired, a deadlock occurred in ioapic_lock. As a\nconsequence, the kdump service could become unresponsive. This bug has\nbeen fixed and kdump now works as expected. (BZ#1197742)\n\n* On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the\nthinkpad_acpi module was not properly loaded, and thus the function\nkeys and radio switches did not work. This update applies a new string\npattern of BIOS version, which fixes this bug, and function keys and\nradio switches now work as intended. (BZ#1197743)\n\n* During a heavy file system load involving many worker threads, all\nworker threads in the pool became blocked on a resource, and no\nmanager thread existed to create more workers. As a consequence, the\nrunning processes became unresponsive. With this update, the logic\naround manager creation has been changed to assure that the last\nworker thread becomes a manager thread and does not start executing\nwork items. Now, a manager thread exists, spawns new workers as\nneeded, and processes no longer hang. (BZ#1197744)\n\n* If a thin-pool's metadata enters read-only or fail mode, for\nexample, due to thin-pool running out of metadata or data space, any\nattempt to make metadata changes such as creating a thin device or\nsnapshot thin device should error out cleanly. However, previously,\nthe kernel code returned verbose and alarming error messages to the\nuser. With this update, due to early trapping of attempt to make\nmetadata changes, informative errors are displayed, no longer\nunnecessarily alarming the user. (BZ#1197745)\n\n* When running Red Hat Enterprise Linux as a guest on Microsoft\nHyper-V hypervisor, the storvsc module did not return the correct\nerror code for the upper level Small Computer System Interface (SCSI)\nsubsystem. As a consequence, a SCSI command failed and storvsc did not\nhandle such a failure properly under some conditions, for example,\nwhen RAID devices were created on top of storvsc devices. An upstream\npatch has been applied to fix this bug, and storvsc now returns the\ncorrect error code in the described situation. (BZ#1197749)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004952.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8159\", \"CVE-2015-1421\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-0726\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.10\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-abi-whitelists-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-doc-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-headers-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-229.1.2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-229.1.2.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T07:10:00", "bulletinFamily": "scanner", "description": "Update to latest upstream 4.0 release, Linux v4.0-rc4. This also\nshould fix some aarch64 hangs and builds with variant set. UEFI ESRT\nsupport is added.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-02-02T00:00:00", "id": "FEDORA_2015-4066.NASL", "href": "https://www.tenable.com/plugins/nessus/82056", "published": "2015-03-25T00:00:00", "title": "Fedora 22 : kernel-4.0.0-0.rc4.git0.1.fc22 (2015-4066)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-4066.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82056);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:18 $\");\n\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-2150\");\n script_bugtraq_id(73014, 73060);\n script_xref(name:\"FEDORA\", value:\"2015-4066\");\n\n script_name(english:\"Fedora 22 : kernel-4.0.0-0.rc4.git0.1.fc22 (2015-4066)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream 4.0 release, Linux v4.0-rc4. This also\nshould fix some aarch64 hangs and builds with variant set. UEFI ESRT\nsupport is added.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1181166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1196266\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5640de0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"kernel-4.0.0-0.rc4.git0.1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:36:57", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-3020", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123143", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123143", "title": "Oracle Linux Local Check: ELSA-2015-3020", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3020.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123143\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:48:27 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3020\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3020 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3020\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3020.html\");\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\", \"CVE-2015-2150\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.249.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.249.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.249.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.249.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.249.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.249.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.249.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.249.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.249.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.249.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.249.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.249.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:58", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-3019", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123144", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123144", "title": "Oracle Linux Local Check: ELSA-2015-3019", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3019.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123144\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:48:27 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3019\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3019 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3019\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3019.html\");\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\", \"CVE-2015-2150\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~68.1.2.el7uek~0.4.3~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~68.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~68.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~68.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~68.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~68.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~68.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~68.1.2.el6uek~0.4.3~4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~68.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~68.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~68.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~68.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~68.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~68.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:09", "bulletinFamily": "scanner", "description": "The remote host is missing a security patch.", "modified": "2018-10-26T00:00:00", "published": "2015-09-18T00:00:00", "id": "OPENVAS:1361412562310105356", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105356", "title": "F5 BIG-IP - SOL17242 - Linux kernel SCTP vulnerability CVE-2015-1421", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_f5_big_ip_sol17242.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# F5 BIG-IP - SOL17242 - Linux kernel SCTP vulnerability CVE-2015-1421\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105356\");\n script_cve_id(\"CVE-2015-1421\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 12106 $\");\n\n script_name(\"F5 BIG-IP - SOL17242 - Linux kernel SCTP vulnerability CVE-2015-1421\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/17000/200/sol17242.html?sr=48315147\");\n\n script_tag(name:\"impact\", value:\"Remote attackers may be able to cause a denial-of-service (DoS) attack on an affected system by triggering an INIT collision in the Stream Control Transmission Protocol (SCTP). This vulnerability does not affect SCTP functionality on the data plane, but does affect the SCTP kernel module on the control plane for BIG-IP, BIG-IQ, and Enterprise Manager systems.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. (CVE-2015-1421)\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-18 14:09:09 +0200 (Fri, 18 Sep 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;');\n\ncheck_f5['AAM'] = make_array( 'affected', '11.4.0-11.6.0;',\n 'unaffected', '12.0.0;');\n\ncheck_f5['AFM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;');\n\ncheck_f5['AVR'] = make_array( 'affected', '11.0.0-11.6.0;',\n 'unaffected', '12.0.0;');\n\ncheck_f5['APM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;');\n\ncheck_f5['ASM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;');\n\ncheck_f5['LC'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;');\n\ncheck_f5['PEM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;');\n\nif( report = is_f5_vulnerable( ca:check_f5, version:version ) )\n{\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:06", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-3034", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123126", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123126", "title": "Oracle Linux Local Check: ELSA-2015-3034", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3034.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123126\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:48:12 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3034\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3034 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3034\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3034.html\");\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-9584\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.4.el5uek~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.4.el5uekdebug~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.4.el5uek~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.4.el5uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.4.el6uek~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.4.el6uekdebug~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.4.el6uek~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.4.el6uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:07", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-3033", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123125", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123125", "title": "Oracle Linux Local Check: ELSA-2015-3033", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3033.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123125\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:48:12 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3033\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3033 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3033\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3033.html\");\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-9584\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:36", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310869595", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869595", "title": "Fedora Update for kernel FEDORA-2015-4066", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2015-4066\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869595\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:26:18 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-2150\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2015-4066\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-4066\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.0.0~0.rc4.git0.1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:00", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-0726", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123149", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123149", "title": "Oracle Linux Local Check: ELSA-2015-0726", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0726.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123149\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:58 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0726\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0726 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0726\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0726.html\");\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.1.2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~229.1.2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.1.2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~229.1.2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.1.2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~229.1.2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.1.2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.1.2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.1.2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~229.1.2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.1.2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~229.1.2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:27", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-03-27T00:00:00", "id": "OPENVAS:1361412562310871343", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871343", "title": "RedHat Update for kernel RHSA-2015:0726-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2015:0726-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871343\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 06:53:37 +0100 (Fri, 27 Mar 2015)\");\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-1421\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2015:0726-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n * It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n * A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.\nThe CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes the following bugs:\n\n * In certain systems with multiple CPUs, when a crash was triggered on one\nCPU with an interrupt handler and this CPU sent Non-Maskable Interrupt\n(NMI) to another CPU, and, at the same time, ioapic_lock had already been\nacquired, a deadlock occurred in ioapic_lock. As a consequence, the kdump\nservice could become unresponsive. This bug has been fixed and kdump now\nworks as expected. (BZ#1197742)\n\n * On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the thinkpad_acpi\nmodule was not properly loaded, and thus the function keys and radio\nswitches did not work. This update applies a new string pattern of BIOS\nversion, which fixes this bug, and function keys and radio switches now\nwork as intended. (BZ#1197743)\n\n * During a heavy file system load involving many worker threads, all worker\nthreads in the pool became blocked on a resource, and no manager thread\nexisted to create more workers. As a consequence, the running processes\nbecame unresponsive. With this update, the logic around manager creation\nhas been changed to assure that the last worker thread becomes a manager\nthread and does not start executing work items. Now, a manager thread\nexists, spawns new workers as needed, and processes no longer hang.\n(BZ#1197744)\n\n * If a thin-pool's metadata enters read-only or fail mode, for example, due\nto thin-pool running out of metadata or data space, any attempt to make\nmetadata changes such as creating a thin device or snapshot thin device\nshould error out cleanly. However, previously, the kernel code returned\nverbose and alarming error messages to the user. With this update, due to\nearly trapping of attempt to make metadata changes, informative errors are\ndis ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0726-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-March/msg00050.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~229.1.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:58", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-3036", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123114", "title": "Oracle Linux Local Check: ELSA-2015-3036", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3036.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123114\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:48:04 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3036\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3036 - Unbreakable Enterprise kernel security and bugfix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3036\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3036.html\");\n script_cve_id(\"CVE-2015-2150\", \"CVE-2015-3331\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.250.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.250.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.250.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.250.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.250.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.250.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.250.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.250.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.250.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.250.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.250.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.250.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:07", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-3035", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123113", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123113", "title": "Oracle Linux Local Check: ELSA-2015-3035", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3035.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123113\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:48:03 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3035\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3035 - Unbreakable Enterprise kernel security and bugfix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3035\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3035.html\");\n script_cve_id(\"CVE-2015-2150\", \"CVE-2015-3331\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~68.2.2.el7uek~0.4.3~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~68.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~68.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~68.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~68.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~68.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~68.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~68.2.2.el6uek~0.4.3~4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~68.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~68.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~68.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~68.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~68.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~68.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:06", "bulletinFamily": "software", "description": "CVE-2014-8159 \u2013 Linux Kernel Infiniband Vulnerability\n\n# \n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 10.04 LTS and 14.04 LTS \n\n# Description\n\nIt was found that the Linux kernel\u2019s Infiniband subsystem did not properly sanitize input parameters while registering memory regions from the userspace via the (u)verbs API. As a result, an unrestricted physical memory access could be achieved. A local user with access to /dev/infiniband/uverbsX could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n\nThe Cloud Foundry team is aware of vulnerable versions of the Linux kernel but has determined that the project is not affected by this vulnerability.\n\n# Affected Products and Versions\n\n_Severity is high unless otherwise noted. \n_\n\n * The Cloud Foundry team is expecting to release a patched BOSH stemcell with an upgraded Linux kernel. We will update this page when it is released. \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry team has determined that the project is not exposed to this vulnerability and therefore do not require any upgrades. \n\n# Credit\n\nMellanox\n\n# References\n\n * <http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8159.html>\n * <https://bosh.io/stemcells>\n * <https://github.com/cloudfoundry/cf-release>\n", "modified": "2015-03-13T00:00:00", "published": "2015-03-13T00:00:00", "id": "CFOUNDRY:E6A4F4CA4992F74F2F0295F1E7A9A5D0", "href": "https://www.cloudfoundry.org/blog/cve-2014-8159/", "title": "CVE-2014-8159 - Linux Kernel Infiniband Vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:57", "bulletinFamily": "unix", "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.\nThe CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThe kernel-rt packages have been upgraded to version 3.10.0-229.1.2, which\nprovides a number of bug fixes over the previous version, including:\n\n- The kdump service could become unresponsive due to a deadlock in the\nkernel call ioapic_lock.\n\n- Attempt to make metadata changes such as creating a thin device or\nsnapshot thin device did not error out cleanly.\n\n(BZ#1203359)\n\nAll kernel-rt users are advised to upgrade to these updated packages, which\ncorrect these issues. The system must be rebooted for this update to take\neffect.", "modified": "2018-03-19T16:29:52", "published": "2015-03-26T13:17:14", "id": "RHSA-2015:0727", "href": "https://access.redhat.com/errata/RHSA-2015:0727", "type": "redhat", "title": "(RHSA-2015:0727) Important: kernel-rt security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:39", "bulletinFamily": "unix", "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.\nThe CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThe MRG-Realtime 3.10 kernel-rt sources have been updated to include the\nfollowing bug fixes:\n\n* The kdump service could become unresponsive due to a deadlock in the\nkernel call ioapic_lock.\n\n* Attempt to make metadata changes such as creating a thin device or\nsnapshot thin device did not error out cleanly.\n\n(BZ#1201384)\n\nThis update also fixes the following bug:\n\n* The MRG kernel scheduler code was missing checks for the PREEMPT_LAZY\nflag allowing tasks to be preempted more times than necessary causing\nlatency spikes on the system. Additional checks for the PREEMPT_LAZY flag\nwere added to the check_preempt_wakeup() and check_preempt_curr() functions\nin the scheduler code so that preempt wakeups were reduced and these\nlatency spikes were removed. (BZ#1157949)\n\nAll kernel-rt users are advised to upgrade to these updated packages, which\ncorrect these issues. The system must be rebooted for this update to take\neffect.\n", "modified": "2018-06-07T08:58:25", "published": "2015-03-30T04:00:00", "id": "RHSA-2015:0751", "href": "https://access.redhat.com/errata/RHSA-2015:0751", "type": "redhat", "title": "(RHSA-2015:0751) Important: kernel-rt security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:37", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.\nThe CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes the following bugs:\n\n* In certain systems with multiple CPUs, when a crash was triggered on one\nCPU with an interrupt handler and this CPU sent Non-Maskable Interrupt\n(NMI) to another CPU, and, at the same time, ioapic_lock had already been\nacquired, a deadlock occurred in ioapic_lock. As a consequence, the kdump\nservice could become unresponsive. This bug has been fixed and kdump now\nworks as expected. (BZ#1197742)\n\n* On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the thinkpad_acpi\nmodule was not properly loaded, and thus the function keys and radio\nswitches did not work. This update applies a new string pattern of BIOS\nversion, which fixes this bug, and function keys and radio switches now\nwork as intended. (BZ#1197743)\n\n* During a heavy file system load involving many worker threads, all worker\nthreads in the pool became blocked on a resource, and no manager thread\nexisted to create more workers. As a consequence, the running processes\nbecame unresponsive. With this update, the logic around manager creation\nhas been changed to assure that the last worker thread becomes a manager\nthread and does not start executing work items. Now, a manager thread\nexists, spawns new workers as needed, and processes no longer hang.\n(BZ#1197744)\n\n* If a thin-pool's metadata enters read-only or fail mode, for example, due\nto thin-pool running out of metadata or data space, any attempt to make\nmetadata changes such as creating a thin device or snapshot thin device\nshould error out cleanly. However, previously, the kernel code returned\nverbose and alarming error messages to the user. With this update, due to\nearly trapping of attempt to make metadata changes, informative errors are\ndisplayed, no longer unnecessarily alarming the user. (BZ#1197745)\n\n* When running Red Hat Enterprise Linux as a guest on Microsoft Hyper-V\nhypervisor, the storvsc module did not return the correct error code for\nthe upper level Small Computer System Interface (SCSI) subsystem. As a\nconsequence, a SCSI command failed and storvsc did not handle such a\nfailure properly under some conditions, for example, when RAID devices were\ncreated on top of storvsc devices. An upstream patch has been applied to\nfix this bug, and storvsc now returns the correct error code in the\ndescribed situation. (BZ#1197749)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.", "modified": "2018-07-10T18:08:41", "published": "2015-03-26T13:16:32", "id": "RHSA-2015:0726", "href": "https://access.redhat.com/errata/RHSA-2015:0726", "type": "redhat", "title": "(RHSA-2015:0726) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:23", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way seunshare, a utility for running executables\nunder a different security context, used the capng_lock functionality of\nthe libcap-ng library. The subsequent invocation of suid root binaries that\nrelied on the fact that the setuid() system call, among others, also sets\nthe saved set-user-ID when dropping the binaries' process privileges, could\nallow a local, unprivileged user to potentially escalate their privileges\non the system. Note: the fix for this issue is the kernel part of the\noverall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the\nrelated SELinux exec transitions support. (CVE-2014-3215, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\n* It was found that the Linux kernel's KVM implementation did not ensure\nthat the host CR4 control register value remained unchanged across VM\nentries on the same virtual CPU. A local, unprivileged user could use this\nflaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's perf subsystem. A local, unprivileged\nuser could use this flaw to crash the system. (CVE-2014-7825, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's ftrace subsystem. On a system with\nftrace syscall tracing enabled, a local, unprivileged user could use this\nflaw to crash the system, or escalate their privileges. (CVE-2014-7826,\nModerate)\n\n* It was found that the Linux kernel memory resource controller's (memcg)\nhandling of OOM (out of memory) conditions could lead to deadlocks.\nAn attacker able to continuously spawn new processes within a single\nmemory-constrained cgroup during an OOM event could use this flaw to lock\nup the system. (CVE-2014-8171, Moderate)\n\n* A race condition flaw was found in the way the Linux kernel keys\nmanagement subsystem performed key garbage collection. A local attacker\ncould attempt accessing a key while it was being garbage collected, which\nwould cause the system to crash. (CVE-2014-9529, Moderate)\n\n* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge\nDEC USB device driver. A local user with write access to the corresponding\ndevice could use this flaw to crash the kernel or, potentially, elevate\ntheir privileges on the system. (CVE-2014-8884, Low)\n\n* An information leak flaw was found in the way the Linux kernel's ISO9660\nfile system implementation accessed data on an ISO9660 image with RockRidge\nExtension Reference (ER) records. An attacker with physical access to the\nsystem could use this flaw to disclose up to 255 bytes of kernel memory.\n(CVE-2014-9584, Low)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-3215\nand CVE-2014-3690, Robert \u015awi\u0119cki for reporting CVE-2014-7825 and\nCVE-2014-7826, and Carl Henrik Lunde for reporting CVE-2014-9584. The\nCVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes is\navailable from the Technical Notes document linked to in the References\nsection.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.", "modified": "2018-06-06T20:24:17", "published": "2015-04-21T04:00:00", "id": "RHSA-2015:0864", "href": "https://access.redhat.com/errata/RHSA-2015:0864", "type": "redhat", "title": "(RHSA-2015:0864) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:52", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\nRed Hat would like to thank Mellanox for reporting this issue.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. The system must be\nrebooted for this update to take effect.\n", "modified": "2017-09-08T12:08:14", "published": "2015-04-22T04:00:00", "id": "RHSA-2015:0870", "href": "https://access.redhat.com/errata/RHSA-2015:0870", "type": "redhat", "title": "(RHSA-2015:0870) Important: kernel security update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:54", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:0726\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.\nThe CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes the following bugs:\n\n* In certain systems with multiple CPUs, when a crash was triggered on one\nCPU with an interrupt handler and this CPU sent Non-Maskable Interrupt\n(NMI) to another CPU, and, at the same time, ioapic_lock had already been\nacquired, a deadlock occurred in ioapic_lock. As a consequence, the kdump\nservice could become unresponsive. This bug has been fixed and kdump now\nworks as expected. (BZ#1197742)\n\n* On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the thinkpad_acpi\nmodule was not properly loaded, and thus the function keys and radio\nswitches did not work. This update applies a new string pattern of BIOS\nversion, which fixes this bug, and function keys and radio switches now\nwork as intended. (BZ#1197743)\n\n* During a heavy file system load involving many worker threads, all worker\nthreads in the pool became blocked on a resource, and no manager thread\nexisted to create more workers. As a consequence, the running processes\nbecame unresponsive. With this update, the logic around manager creation\nhas been changed to assure that the last worker thread becomes a manager\nthread and does not start executing work items. Now, a manager thread\nexists, spawns new workers as needed, and processes no longer hang.\n(BZ#1197744)\n\n* If a thin-pool's metadata enters read-only or fail mode, for example, due\nto thin-pool running out of metadata or data space, any attempt to make\nmetadata changes such as creating a thin device or snapshot thin device\nshould error out cleanly. However, previously, the kernel code returned\nverbose and alarming error messages to the user. With this update, due to\nearly trapping of attempt to make metadata changes, informative errors are\ndisplayed, no longer unnecessarily alarming the user. (BZ#1197745)\n\n* When running Red Hat Enterprise Linux as a guest on Microsoft Hyper-V\nhypervisor, the storvsc module did not return the correct error code for\nthe upper level Small Computer System Interface (SCSI) subsystem. As a\nconsequence, a SCSI command failed and storvsc did not handle such a\nfailure properly under some conditions, for example, when RAID devices were\ncreated on top of storvsc devices. An upstream patch has been applied to\nfix this bug, and storvsc now returns the correct error code in the\ndescribed situation. (BZ#1197749)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033062.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0726.html", "modified": "2015-04-01T03:22:51", "published": "2015-04-01T03:22:51", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/033062.html", "id": "CESA-2015:0726", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:25:47", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:0864\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way seunshare, a utility for running executables\nunder a different security context, used the capng_lock functionality of\nthe libcap-ng library. The subsequent invocation of suid root binaries that\nrelied on the fact that the setuid() system call, among others, also sets\nthe saved set-user-ID when dropping the binaries' process privileges, could\nallow a local, unprivileged user to potentially escalate their privileges\non the system. Note: the fix for this issue is the kernel part of the\noverall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the\nrelated SELinux exec transitions support. (CVE-2014-3215, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\n* It was found that the Linux kernel's KVM implementation did not ensure\nthat the host CR4 control register value remained unchanged across VM\nentries on the same virtual CPU. A local, unprivileged user could use this\nflaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's perf subsystem. A local, unprivileged\nuser could use this flaw to crash the system. (CVE-2014-7825, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's ftrace subsystem. On a system with\nftrace syscall tracing enabled, a local, unprivileged user could use this\nflaw to crash the system, or escalate their privileges. (CVE-2014-7826,\nModerate)\n\n* It was found that the Linux kernel memory resource controller's (memcg)\nhandling of OOM (out of memory) conditions could lead to deadlocks.\nAn attacker able to continuously spawn new processes within a single\nmemory-constrained cgroup during an OOM event could use this flaw to lock\nup the system. (CVE-2014-8171, Moderate)\n\n* A race condition flaw was found in the way the Linux kernel keys\nmanagement subsystem performed key garbage collection. A local attacker\ncould attempt accessing a key while it was being garbage collected, which\nwould cause the system to crash. (CVE-2014-9529, Moderate)\n\n* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge\nDEC USB device driver. A local user with write access to the corresponding\ndevice could use this flaw to crash the kernel or, potentially, elevate\ntheir privileges on the system. (CVE-2014-8884, Low)\n\n* An information leak flaw was found in the way the Linux kernel's ISO9660\nfile system implementation accessed data on an ISO9660 image with RockRidge\nExtension Reference (ER) records. An attacker with physical access to the\nsystem could use this flaw to disclose up to 255 bytes of kernel memory.\n(CVE-2014-9584, Low)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-3215\nand CVE-2014-3690, Robert \u015awi\u0119cki for reporting CVE-2014-7825 and\nCVE-2014-7826, and Carl Henrik Lunde for reporting CVE-2014-9584. The\nCVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes is\navailable from the Technical Notes document linked to in the References\nsection.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033121.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0864.html", "modified": "2015-04-22T09:51:52", "published": "2015-04-22T09:51:52", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/033121.html", "id": "CESA-2015:0864", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:42", "bulletinFamily": "unix", "description": "Vincent Tondellier discovered an integer overflow in the Linux kernel\u2019s netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system). (CVE-2014-9715)\n\nJan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150)\n\nA privilege escalation was discovered in the fork syscall via the int80 entry on 64 bit kernels with 32 bit emulation support. An unprivileged local attacker could exploit this flaw to increase their privileges on the system. (CVE-2015-2830)\n\nA memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel base machines with AEC-GCM mode IPSec security association. (CVE-2015-3331)", "modified": "2015-05-20T00:00:00", "published": "2015-05-20T00:00:00", "id": "USN-2613-1", "href": "https://usn.ubuntu.com/2613-1/", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T19:21:50", "bulletinFamily": "unix", "description": "Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150)\n\nA privilege escalation was discovered in the fork syscall via the int80 entry on 64 bit kernels with 32 bit emulation support. An unprivileged local attacker could exploit this flaw to increase their privileges on the system. (CVE-2015-2830)\n\nA memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel base machines with AEC-GCM mode IPSec security association. (CVE-2015-3331)\n\nWen Xu discovered a use-after-free flaw in the Linux kernel\u2019s ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. (CVE-2015-3636)\n\nCarl H Lunde discovered missing sanity checks in the Linux kernel\u2019s UDF file system (CONFIG_UDF_FS). A local attacker could exploit this flaw to cause a denial of service (system crash) by using a corrupted file system image. (CVE-2015-4167)", "modified": "2015-06-10T00:00:00", "published": "2015-06-10T00:00:00", "id": "USN-2632-1", "href": "https://usn.ubuntu.com/2632-1/", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T19:21:09", "bulletinFamily": "unix", "description": "Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150)\n\nA privilege escalation was discovered in the fork syscall via the int80 entry on 64 bit kernels with 32 bit emulation support. An unprivileged local attacker could exploit this flaw to increase their privileges on the system. (CVE-2015-2830)\n\nA memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel base machines with AEC-GCM mode IPSec security association. (CVE-2015-3331)\n\nWen Xu discovered a use-after-free flaw in the Linux kernel\u2019s ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. (CVE-2015-3636)\n\nCarl H Lunde discovered missing sanity checks in the Linux kernel\u2019s UDF file system (CONFIG_UDF_FS). A local attacker could exploit this flaw to cause a denial of service (system crash) by using a corrupted file system image. (CVE-2015-4167)", "modified": "2015-06-10T00:00:00", "published": "2015-06-10T00:00:00", "id": "USN-2631-1", "href": "https://usn.ubuntu.com/2631-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:23:06", "bulletinFamily": "unix", "description": "Vincent Tondellier discovered an integer overflow in the Linux kernel\u2019s netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system). (CVE-2014-9715)\n\nJan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150)\n\nA privilege escalation was discovered in the fork syscall via the int80 entry on 64 bit kernels with 32 bit emulation support. An unprivileged local attacker could exploit this flaw to increase their privileges on the system. (CVE-2015-2830)\n\nA memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel base machines with AEC-GCM mode IPSec security association. (CVE-2015-3331)", "modified": "2015-05-20T00:00:00", "published": "2015-05-20T00:00:00", "id": "USN-2614-1", "href": "https://usn.ubuntu.com/2614-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:48", "bulletinFamily": "unix", "description": "It was discovered that the Linux kernel\u2019s Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges.", "modified": "2015-03-12T00:00:00", "published": "2015-03-12T00:00:00", "id": "USN-2528-1", "href": "https://usn.ubuntu.com/2528-1/", "title": "Linux kernel vulnerability", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:23:08", "bulletinFamily": "unix", "description": "It was discovered that the Linux kernel\u2019s Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges.", "modified": "2015-03-12T00:00:00", "published": "2015-03-12T00:00:00", "id": "USN-2529-1", "href": "https://usn.ubuntu.com/2529-1/", "title": "Linux kernel (Utopic HWE) vulnerability", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:59", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2631-1\r\nJune 10, 2015\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nJan Beulich discovered the Xen virtual machine subsystem of the Linux\r\nkernel did not properly restrict access to PCI command registers. A local\r\nguest user could exploit this flaw to cause a denial of service (host\r\ncrash). (CVE-2015-2150)\r\n\r\nA privilege escalation was discovered in the fork syscall via the int80\r\nentry on 64 bit kernels with 32 bit emulation support. An unprivileged\r\nlocal attacker could exploit this flaw to increase their privileges on the\r\nsystem. (CVE-2015-2830)\r\n\r\nA memory corruption issue was discovered in AES decryption when using the\r\nIntel AES-NI accelerated code path. A remote attacker could exploit this\r\nflaw to cause a denial of service (system crash) or potentially escalate\r\nprivileges on Intel base machines with AEC-GCM mode IPSec security\r\nassociation. (CVE-2015-3331)\r\n\r\nWen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping\r\nsupport. A local user could exploit this flaw to cause a denial of service\r\n(system crash) or gain administrative privileges on the system.\r\n(CVE-2015-3636)\r\n\r\nCarl H Lunde discovered missing sanity checks in the the Linux kernel's UDF\r\nfile system (CONFIG_UDF_FS). A local attack could exploit this flaw to cause\r\na denial of service (system crash) by using a corrupted filesystem image.\r\n(CVE-2015-4167)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.04 LTS:\r\n linux-image-3.2.0-85-generic 3.2.0-85.122\r\n linux-image-3.2.0-85-generic-pae 3.2.0-85.122\r\n linux-image-3.2.0-85-highbank 3.2.0-85.122\r\n linux-image-3.2.0-85-omap 3.2.0-85.122\r\n linux-image-3.2.0-85-powerpc-smp 3.2.0-85.122\r\n linux-image-3.2.0-85-powerpc64-smp 3.2.0-85.122\r\n linux-image-3.2.0-85-virtual 3.2.0-85.122\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages (e.g. linux-generic,\r\nlinux-server, linux-powerpc), a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2631-1\r\n CVE-2015-2150, CVE-2015-2830, CVE-2015-3331, CVE-2015-3636,\r\n CVE-2015-4167\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/3.2.0-85.122\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2015-06-13T00:00:00", "published": "2015-06-13T00:00:00", "id": "SECURITYVULNS:DOC:32205", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32205", "title": "[USN-2631-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "description": "Insufficient privileges drop.", "modified": "2014-05-15T00:00:00", "published": "2014-05-15T00:00:00", "id": "SECURITYVULNS:VULN:13781", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13781", "title": "seunshare privileges escalation", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nWe think there should be a CVE ID for the combination of these two\r\nobservations:\r\n\r\n1. seunshare is intended to be setuid root (see the\r\nhttp://userspace.selinuxproject.org/trac/browser/policycoreutils/sandbox/Makefile\r\nfile)\r\n\r\n2. dropping privileges no longer makes the traditional change to the\r\nsaved set-user-ID, as shown by the getresuid example in the\r\nhttp://openwall.com/lists/oss-security/2014/04/30/4 post\r\n\r\nUse CVE-2014-3215.\r\n\r\nThis message obviously isn't intended to contribute to the technical\r\ndiscussion of how the design of seunshare and other software led to\r\nthis state. Also, nobody has sent MITRE's cve-assign team a PoC in\r\nwhich running seunshare contributes to a privilege escalation.\r\nCVE-2014-3215 might be considered an "exposure." Essentially, running\r\nseunshare is a way to bypass a potentially important protection\r\nmechanism, and that wasn't a documented effect of installing\r\nseunshare.\r\n\r\n- -- \r\nCVE assignment team, MITRE CVE Numbering Authority\r\nM/S M300\r\n202 Burlington Road, Bedford, MA 01730 USA\r\n[ PGP key available through http://cve.mitre.org/cve/request_id.html ]\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.14 (SunOS)\r\n\r\niQEcBAEBAgAGBQJTaviCAAoJEKllVAevmvmsfkQH/21wa2jxXCFiCe8YorCTcQuk\r\nXmoAgLF4bBNpP8ws8gtdHBWt5mQdo51+pZ9xAWc0og2+cqPCQZTnndookDKkbMSM\r\nTMeI23USLjEqMLnBYBAy5WDwyFcCToBBiCDXpO6KGdLBwJ6A9EudJkUcU2R63jD5\r\nwT84zak6hiGYJGnRxTlKxboMzVIFXlnWmYxm+cA7B9iGBV8bAZU/xOi9z0C2a13h\r\nZZYitwxwMvtpcQJZtf6iSxix4lH1RIeJmbFY5X8CTgQzpVEjCaW3GH/vpTX5ZpcJ\r\nK2pxzuVIUhbxVapPmy4mYnhus78WVwOveydO7jdEk9yh9wnUZUte4ihizxJsxZU=\r\n=P4Px\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-05-15T00:00:00", "published": "2014-05-15T00:00:00", "id": "SECURITYVULNS:DOC:30741", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30741", "title": "[oss-security] Re: local privilege escalation due to capng_lock as used in seunshare", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2019-05-29T17:22:47", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system.\n\n \n**Affected Packages:** \n\n\nlibcap-ng\n\n \n**Issue Correction:** \nRun _yum update libcap-ng_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n libcap-ng-utils-0.7.3-5.13.amzn1.i686 \n libcap-ng-python-0.7.3-5.13.amzn1.i686 \n libcap-ng-debuginfo-0.7.3-5.13.amzn1.i686 \n libcap-ng-0.7.3-5.13.amzn1.i686 \n libcap-ng-devel-0.7.3-5.13.amzn1.i686 \n \n src: \n libcap-ng-0.7.3-5.13.amzn1.src \n \n x86_64: \n libcap-ng-0.7.3-5.13.amzn1.x86_64 \n libcap-ng-debuginfo-0.7.3-5.13.amzn1.x86_64 \n libcap-ng-python-0.7.3-5.13.amzn1.x86_64 \n libcap-ng-devel-0.7.3-5.13.amzn1.x86_64 \n libcap-ng-utils-0.7.3-5.13.amzn1.x86_64 \n \n \n", "modified": "2015-06-16T11:41:00", "published": "2015-06-16T11:41:00", "id": "ALAS-2015-543", "href": "https://alas.aws.amazon.com/ALAS-2015-543.html", "title": "Medium: libcap-ng", "type": "amazon", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:52", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system.\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum clean all_ followed by _yum update kernel_ to update your system. You will need to reboot your system in order for the new kernel to be running. \n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-tools-debuginfo-3.14.44-32.39.amzn1.i686 \n kernel-3.14.44-32.39.amzn1.i686 \n perf-debuginfo-3.14.44-32.39.amzn1.i686 \n kernel-tools-3.14.44-32.39.amzn1.i686 \n kernel-debuginfo-3.14.44-32.39.amzn1.i686 \n kernel-headers-3.14.44-32.39.amzn1.i686 \n kernel-debuginfo-common-i686-3.14.44-32.39.amzn1.i686 \n kernel-tools-devel-3.14.44-32.39.amzn1.i686 \n perf-3.14.44-32.39.amzn1.i686 \n kernel-devel-3.14.44-32.39.amzn1.i686 \n \n noarch: \n kernel-doc-3.14.44-32.39.amzn1.noarch \n \n src: \n kernel-3.14.44-32.39.amzn1.src \n \n x86_64: \n kernel-tools-3.14.44-32.39.amzn1.x86_64 \n kernel-debuginfo-3.14.44-32.39.amzn1.x86_64 \n kernel-3.14.44-32.39.amzn1.x86_64 \n kernel-headers-3.14.44-32.39.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-3.14.44-32.39.amzn1.x86_64 \n perf-3.14.44-32.39.amzn1.x86_64 \n kernel-devel-3.14.44-32.39.amzn1.x86_64 \n perf-debuginfo-3.14.44-32.39.amzn1.x86_64 \n kernel-tools-debuginfo-3.14.44-32.39.amzn1.x86_64 \n kernel-tools-devel-3.14.44-32.39.amzn1.x86_64 \n \n \n", "modified": "2015-06-16T11:42:00", "published": "2015-06-16T11:42:00", "id": "ALAS-2015-544", "href": "https://alas.aws.amazon.com/ALAS-2015-544.html", "title": "Medium: kernel", "type": "amazon", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:38", "bulletinFamily": "unix", "description": "### Background\n\npolicycoreutils is a collection of SELinux policy utilities.\n\n### Description\n\nThe seunshare utility is owned by root with 4755 permissions which can be exploited by a setuid system call. \n\n### Impact\n\nA local attacker may be able to gain escalated privileges.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll policycoreutils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=sys-apps/policycoreutils-2.2.5-r4\"", "modified": "2014-12-26T00:00:00", "published": "2014-12-26T00:00:00", "id": "GLSA-201412-44", "href": "https://security.gentoo.org/glsa/201412-44", "type": "gentoo", "title": "policycoreutils: Privilege escalation", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)

Description

Description of changes: [2.6.39-400.250.2.el6uek] - crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077389] {CVE-2015-3331} [2.6.39-400.250.1.el6uek] - xen/pciback: Don

Description of changes:

[2.6.39-400.250.2.el6uek] - crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077389] {CVE-2015-3331}

[2.6.39-400.250.1.el6uek] - xen/pciback: Don