Executive Summary

Summary
Title Red Hat Enterprise MRG Realtime 2.5 security and enhancement update
Informations
Name RHSA-2014:1318 First vendor Publication 2014-09-29
Vendor RedHat Last vendor Modification 2014-09-29
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated Red Hat Enterprise MRG Realtime packages that fix multiple security issues and add one enhancement are now available for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers.

MRG Realtime provides the highest levels of predictability for consistent low-latency response times to meet the needs of time-sensitive workloads. MRG Realtime also provides new levels of determinism by optimizing lengthy kernel code paths to ensure that they do not become bottlenecks. This allows for better prioritization of applications, resulting in consistent, predictable response times for high-priority applications.

* An out-of-bounds write flaw was found in the way the Apple Magic Mouse/Trackpad multi-touch driver handled Human Interface Device (HID) reports with an invalid size. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3181, Moderate)

* A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate)

* A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service. (CVE-2014-4171, Moderate)

* A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low)

* An out-of-bounds read flaw was found in the way the Logitech Unifying receiver driver handled HID reports with an invalid device_index value. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3182, Low)

* Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer. (CVE-2014-3184, Low)

* It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)

This update also adds the following enhancement:

* The Solarflare SFC9120 10GBE Ethernet NICs were not supported by the MRG Realtime kernel. With this update, the drivers have been updated to enable the Solarflare SFC9120 cards on the Realtime kernel. (BZ#1086945)

All Red Hat Enterprise MRG Realtime users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1111180 - CVE-2014-4171 Kernel: mm/shmem: denial of service 1134099 - CVE-2014-5471 CVE-2014-5472 kernel: isofs: unbound recursion when processing relocated directories 1141173 - CVE-2014-3181 Kernel: HID: OOB write in magicmouse driver 1141210 - CVE-2014-3182 Kernel: HID: logitech-dj OOB array access 1141391 - CVE-2014-3184 Kernel: HID: off by one error in various _report_fixup routines 1141400 - CVE-2014-3185 Kernel: USB serial: memory corruption flaw 1141809 - CVE-2014-6410 kernel: udf: Avoid infinite loop when processing indirect ICBs

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2014-1318.html

CWE : Common Weakness Enumeration

% Id Name
57 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
29 % CWE-399 Resource Management Errors
14 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:25927
 
Oval ID: oval:org.mitre.oval:def:25927
Title: USN-2354-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2354-1
CVE-2014-5471
CVE-2014-5472
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26618
 
Oval ID: oval:org.mitre.oval:def:26618
Title: USN-2355-1 -- linux-ec2 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2355-1
CVE-2014-5471
CVE-2014-5472
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26623
 
Oval ID: oval:org.mitre.oval:def:26623
Title: USN-2357-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2357-1
CVE-2014-3601
CVE-2014-5471
CVE-2014-5472
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26630
 
Oval ID: oval:org.mitre.oval:def:26630
Title: USN-2358-1 -- linux-lts-trusty vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2358-1
CVE-2014-3601
CVE-2014-5077
CVE-2014-5471
CVE-2014-5472
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-trusty
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26736
 
Oval ID: oval:org.mitre.oval:def:26736
Title: USN-2359-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2359-1
CVE-2014-3601
CVE-2014-5077
CVE-2014-5471
CVE-2014-5472
Version: 3
Platform(s): Ubuntu 14.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26779
 
Oval ID: oval:org.mitre.oval:def:26779
Title: USN-2356-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2356-1
CVE-2014-3601
CVE-2014-5471
CVE-2014-5472
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27155
 
Oval ID: oval:org.mitre.oval:def:27155
Title: USN-2374-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2374-1
CVE-2014-3184
CVE-2014-3185
CVE-2014-6410
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27182
 
Oval ID: oval:org.mitre.oval:def:27182
Title: USN-2375-1 -- linux-ec2 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2375-1
CVE-2014-3184
CVE-2014-3185
CVE-2014-6410
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27236
 
Oval ID: oval:org.mitre.oval:def:27236
Title: ELSA-2014-3084 -- Unbreakable Enterprise kernel Security update (important)
Description: kernel-uek [3.8.13-44.1.4.el7uek] - USB: whiteheat: Added bounds checking for bulk command response (James Forshaw) [Orabug: 19849334] {CVE-2014-3185} - HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849317] {CVE-2014-3181} - kvm: vmx: handle invvpid vm exit gracefully (Petr Matousek) [Orabug: 19906300] {CVE-2014-3646} - nEPT: Nested INVEPT (Nadav Har'El) [Orabug: 19906267] {CVE-2014-3645} - KVM: x86: Improve thread safety in pit (Andy Honig) [Orabug: 19905686] {CVE-2014-3611}
Family: unix Class: patch
Reference(s): ELSA-2014-3084
CVE-2014-3611
CVE-2014-3645
CVE-2014-3646
CVE-2014-3185
CVE-2014-3181
Version: 5
Platform(s): Oracle Linux 6
Product(s): dtrace-modules
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27243
 
Oval ID: oval:org.mitre.oval:def:27243
Title: ELSA-2014-3085 -- Unbreakable Enterprise kernel Security update (important)
Description: [2.6.39-400.215.12] - USB: whiteheat: Added bounds checking for bulk command response (James Forshaw) [Orabug: 19849335] {CVE-2014-3185} - HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849318] {CVE-2014-3181} - KVM: x86: Improve thread safety in pit (Andy Honig) [Orabug: 19905687] {CVE-2014-3611}
Family: unix Class: patch
Reference(s): ELSA-2014-3085
CVE-2014-3611
CVE-2014-3185
CVE-2014-3181
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27522
 
Oval ID: oval:org.mitre.oval:def:27522
Title: ELSA-2014-1843 -- kernel security and bug fix update (important)
Description: [2.6.32-504.1.3] - Revert: [net] revert 'bridge: Set vlan_features to allow offloads on vlans' (Vlad Yasevich) [1144442 1121991] [2.6.32-504.1.2] - [x86] kvm: fix PIT timer race condition (mguzik) [1149592 1149593] {CVE-2014-3611} - [x86] kvm: vmx: handle invept and invvpid vm exits gracefull (mguzik) [1144826 1144837 1144827 1144838] {CVE-2014-3646 CVE-2014-3645} [2.6.32-504.1.1] - [fs] call d_op->d_hash on last component of umount path (Abhijith Das) [1145193 1129712] - [usb] serial: memory corruption flaw (Jacob Tanenbaum) [1141401 1141402] {CVE-2014-3185} - [char] ipmi: Clear drvdata when interface is removed (Tony Camuso) [1149578 1135910] - [char] ipmi: init shadow_ipmi_smi_handlers early in ipmi_si_intf (Tony Camuso) [1149580 1139464] - [net] ipsec: update MAX_AH_AUTH_LEN to support sha512 (Herbert Xu) [1149083 1140103] - [net] revert 'bridge: Set vlan_features to allow offloads on vlans' (Vlad Yasevich) [1144442 1121991] - [netdrv] virtio-net: fix big buffer receiving (Jason Wang) [1148693 1144073] - [netdrv] tg3: prevent ifup/ifdown during PCI error recovery (Ivan Vecera) [1142570 1117009]
Family: unix Class: patch
Reference(s): ELSA-2014-1843
CVE-2014-3611
CVE-2014-3645
CVE-2014-3646
CVE-2014-3185
Version: 3
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27668
 
Oval ID: oval:org.mitre.oval:def:27668
Title: ELSA-2014-3105 -- Unbreakable Enterprise kernel security update (important)
Description: kernel-uek [2.6.32-400.36.12] - HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849320] {CVE-2014-3184} - ALSA: control: Protect user controls against concurrent access (Lars-Peter Clausen) [Orabug: 20192545] {CVE-2014-4652} - udf: Avoid infinite loop when processing indirect ICBs (Jan Kara) [Orabug: 20192451] {CVE-2014-6410} - ALSA: control: Make sure that id->index does not overflow (Lars-Peter Clausen) [Orabug: 20192420] {CVE-2014-4656} - ALSA: control: Handle numid overflow (Lars-Peter Clausen) [Orabug: 20192379] {CVE-2014-4656} - net: sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [Orabug: 20192060] {CVE-2014-3688}
Family: unix Class: patch
Reference(s): ELSA-2014-3105
CVE-2014-3184
CVE-2014-3688
CVE-2014-4652
CVE-2014-4656
CVE-2014-6410
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27719
 
Oval ID: oval:org.mitre.oval:def:27719
Title: SUSE-SU-2014:1316-1 -- Security update for Linux kernel (important)
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1316-1
CVE-2013-1979
CVE-2014-1739
CVE-2014-2706
CVE-2014-4027
CVE-2014-4171
CVE-2014-4508
CVE-2014-4667
CVE-2014-4943
CVE-2014-5077
CVE-2014-5471
CVE-2014-5472
CVE-2014-3153
CVE-2014-6410
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28126
 
Oval ID: oval:org.mitre.oval:def:28126
Title: SUSE-SU-2014:1319-1 -- Security update for Linux kernel (important)
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1319-1
CVE-2013-1979
CVE-2014-1739
CVE-2014-2706
CVE-2014-4027
CVE-2014-4171
CVE-2014-4508
CVE-2014-4667
CVE-2014-4943
CVE-2014-5077
CVE-2014-5471
CVE-2014-5472
CVE-2014-3153
CVE-2014-6410
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28305
 
Oval ID: oval:org.mitre.oval:def:28305
Title: ELSA-2014-3103 -- Unbreakable Enterprise kernel security update (important)
Description: kernel-uek [3.8.13-55.1.1] - ALSA: control: Protect user controls against concurrent access (Lars-Peter Clausen) [Orabug: 20192540] {CVE-2014-4652} - target/rd: Refactor rd_build_device_space + rd_release_device_space (Nicholas Bellinger) [Orabug: 20192516] {CVE-2014-4027} - HID: logitech: perform bounds checking on device_id early enough (Jiri Kosina) [Orabug: 20192477] {CVE-2014-3182} - udf: Avoid infinite loop when processing indirect ICBs (Jan Kara) [Orabug: 20192448] {CVE-2014-6410} - ALSA: control: Make sure that id->index does not overflow (Lars-Peter Clausen) [Orabug: 20192416] {CVE-2014-4656} - ALSA: control: Handle numid overflow (Lars-Peter Clausen) [Orabug: 20192367] {CVE-2014-4656} - HID: picolcd: sanity check report size in raw_event() callback (Jiri Kosina) [Orabug: 20192208] {CVE-2014-3186} - net: sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [Orabug: 20192058] {CVE-2014-3688}
Family: unix Class: patch
Reference(s): ELSA-2014-3103
CVE-2014-3182
CVE-2014-3186
CVE-2014-3688
CVE-2014-4027
CVE-2014-4652
CVE-2014-4656
CVE-2014-6410
Version: 5
Platform(s): Oracle Linux 6
Oracle Linux 7
Product(s): kernel-uek
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28373
 
Oval ID: oval:org.mitre.oval:def:28373
Title: ELSA-2014-3096 -- Unbreakable Enterprise kernel security update (important)
Description: Unbreakable Enterprise kernel security update
Family: unix Class: patch
Reference(s): ELSA-2014-3096
CVE-2014-3184
CVE-2014-4014
CVE-2014-1739
CVE-2014-4171
Version: 5
Platform(s): Oracle Linux 6
Oracle Linux 7
Product(s): kernel-uek
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28399
 
Oval ID: oval:org.mitre.oval:def:28399
Title: RHSA-2014:1971 -- kernel security and bug fix update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important) * A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service. (CVE-2014-3688, Important) * Two flaws were found in the way the Apple Magic Mouse/Trackpad multi-touch driver and the Minibox PicoLCD driver handled invalid HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3181, CVE-2014-3186, Moderate) * A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate) * A flaw was found in the way the Linux kernel's keys subsystem handled the termination condition in the associative array garbage collection functionality. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-3631, Moderate) * Multiple flaws were found in the way the Linux kernel's ALSA implementation handled user controls. A local, privileged user could use either of these flaws to crash the system. (CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, Moderate) * A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. (CVE-2014-5045, Moderate) * A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information. (CVE-2013-2929, Low) * A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's UDF file system implementation processed indirect ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low) * An information leak flaw in the way the Linux kernel handled media device enumerate entities IOCTL requests could allow a local user able to access the /dev/media0 device file to leak kernel memory bytes. (CVE-2014-1739, Low) * An out-of-bounds read flaw in the Logitech Unifying receiver driver could allow an attacker with physical access to the system to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3182, Low) * Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled invalid HID reports. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer. (CVE-2014-3184, Low) * An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) back end driver of the iSCSI Target subsystem could allow a privileged user to leak the contents of kernel memory to an iSCSI initiator remote client. (CVE-2014-4027, Low) * An information leak flaw in the Linux kernel's ALSA implementation could allow a local, privileged user to leak kernel memory to user space. (CVE-2014-4652, Low)
Family: unix Class: patch
Reference(s): RHSA-2014:1971
CESA-2014:1971
CVE-2013-2929
CVE-2014-1739
CVE-2014-3181
CVE-2014-3182
CVE-2014-3184
CVE-2014-3185
CVE-2014-3186
CVE-2014-3631
CVE-2014-3673
CVE-2014-3687
CVE-2014-3688
CVE-2014-4027
CVE-2014-4652
CVE-2014-4654
CVE-2014-4655
CVE-2014-4656
CVE-2014-5045
CVE-2014-6410
Version: 3
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28418
 
Oval ID: oval:org.mitre.oval:def:28418
Title: ELSA-2014-1971 -- kernel security and bug fix update (important)
Description: [3.10.0-123.13.1] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-123.13.1] - [powerpc] mm: Make sure a local_irq_disable prevent a parallel THP split (Don Zickus) [1151057 1083296] - [powerpc] Implement __get_user_pages_fast() (Don Zickus) [1151057 1083296] - [scsi] vmw_pvscsi: Some improvements in pvscsi driver (Ewan Milne) [1144016 1075090] - [scsi] vmw_pvscsi: Add support for I/O requests coalescing (Ewan Milne) [1144016 1075090] - [scsi] vmw_pvscsi: Fix pvscsi_abort() function (Ewan Milne) [1144016 1075090] [3.10.0-123.12.1] - [alsa] control: Make sure that id->index does not overflow (Jaroslav Kysela) [1117313 1117314] {CVE-2014-4656} - [alsa] control: Handle numid overflow (Jaroslav Kysela) [1117313 1117314] {CVE-2014-4656} - [alsa] control: Protect user controls against concurrent access (Jaroslav Kysela) [1117338 1117339] {CVE-2014-4652} - [alsa] control: Fix replacing user controls (Jaroslav Kysela) [1117323 1117324] {CVE-2014-4654 CVE-2014-4655} - [net] sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [1155750 1152755] {CVE-2014-3688} - [net] sctp: fix panic on duplicate ASCONF chunks (Daniel Borkmann) [1155737 1152755] {CVE-2014-3687} - [net] sctp: fix skb_over_panic when receiving malformed ASCONF chunks (Daniel Borkmann) [1147856 1152755] {CVE-2014-3673} - [net] sctp: handle association restarts when the socket is closed (Daniel Borkmann) [1147856 1152755] [1155737 1152755] [1155750 1152755] - [pci] Add ACS quirk for Intel 10G NICs (Alex Williamson) [1156447 1141399] - [pci] Add ACS quirk for Solarflare SFC9120 & SFC9140 (Alex Williamson) [1158316 1131552] - [lib] assoc_array: Fix termination condition in assoc array garbage collection (David Howells) [1155136 1139431] {CVE-2014-3631} - [block] cfq-iosched: Add comments on update timing of weight (Vivek Goyal) [1152874 1116126] - [block] cfq-iosched: Fix wrong children_weight calculation (Vivek Goyal) [1152874 1116126] - [powerpc] mm: Check paca psize is up to date for huge mappings (Gustavo Duarte) [1151927 1107337] - [x86] perf/intel: ignore CondChgd bit to avoid false NMI handling (Don Zickus) [1146819 1110264] - [x86] smpboot: initialize secondary CPU only if master CPU will wait for it (Phillip Lougher) [1144295 968147] - [x86] smpboot: Log error on secondary CPU wakeup failure at ERR level (Igor Mammedov) [1144295 968147] - [x86] smpboot: Fix list/memory corruption on CPU hotplug (Igor Mammedov) [1144295 968147] - [acpi] processor: do not mark present at boot but not onlined CPU as onlined (Igor Mammedov) [1144295 968147] - [fs] udf: Avoid infinite loop when processing indirect ICBs (Jacob Tanenbaum) [1142321 1142322] {CVE-2014-6410} - [hid] picolcd: fix memory corruption via OOB write (Jacob Tanenbaum) [1141408 1141409] {CVE-2014-3186} - [usb] serial/whiteheat: fix memory corruption flaw (Jacob Tanenbaum) [1141403 1141404] {CVE-2014-3185} - [hid] fix off by one error in various _report_fixup routines (Jacob Tanenbaum) [1141393 1141394] {CVE-2014-3184} - [hid] logitech-dj: fix OOB array access (Jacob Tanenbaum) [1141211 1141212] {CVE-2014-3182} - [hid] fix OOB write in magicmouse driver (Jacob Tanenbaum) [1141176 1141177] {CVE-2014-3181} - [acpi] Fix bug when ACPI reset register is implemented in system memory (Nigel Croxon) [1136525 1109971] - [fs] vfs: fix ref count leak in path_mountpoint() (Ian Kent) [1122481 1122376] {CVE-2014-5045} - [kernel] ptrace: get_dumpable() incorrect tests (Jacob Tanenbaum) [1111605 1111606] {CVE-2013-2929} - [media] media-device: fix an information leakage (Jacob Tanenbaum) [1109776 1109777] {CVE-2014-1739} - [target] rd: Refactor rd_build_device_space + rd_release_device_space (Denys Vlasenko) [1108754 1108755] {CVE-2014-4027} - [block] blkcg: fix use-after-free in __blkg_release_rcu() by making blkcg_gq refcnt an atomic_t (Vivek Goyal) [1158313 1118436] - [virt] kvm: fix PIT timer race condition (Petr Matousek) [1144879 1144880] {CVE-2014-3611} - [virt] kvm/vmx: handle invept and invvpid vm exits gracefully (Petr Matousek) [1145449 1116936] [1144828 1144829] {CVE-2014-3645 CVE-2014-3646} [3.10.0-123.11.1] - [net] fix UDP tunnel GSO of frag_list GRO packets (Phillip Lougher) [1149661 1119392] [3.10.0-123.10.1] - [pci] hotplug: Prevent NULL dereference during pciehp probe (Myron Stowe) [1142393 1133107] - [kernel] workqueue: apply __WQ_ORDERED to create_singlethread_workqueue() (Tomas Henzl) [1151314 1131563]
Family: unix Class: patch
Reference(s): ELSA-2014-1971
CVE-2013-2929
CVE-2014-4654
CVE-2014-4655
CVE-2014-5045
CVE-2014-3185
CVE-2014-3181
CVE-2014-3687
CVE-2014-3673
CVE-2014-3184
CVE-2014-1739
CVE-2014-3182
CVE-2014-3186
CVE-2014-3631
CVE-2014-3688
CVE-2014-4027
CVE-2014-4652
CVE-2014-4656
CVE-2014-6410
Version: 3
Platform(s): Oracle Linux 7
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28482
 
Oval ID: oval:org.mitre.oval:def:28482
Title: ELSA-2014-3104 -- Unbreakable Enterprise kernel security update (important)
Description: [2.6.39-400.215.14] - HID: magicmouse: sanity check report size in raw_event() callback (Jiri Kosina) [Orabug: 19849355] {CVE-2014-3181} - ALSA: control: Protect user controls against concurrent access (Lars-Peter Clausen) [Orabug: 20192542] {CVE-2014-4652} - target/rd: Refactor rd_build_device_space + rd_release_device_space (Nicholas Bellinger) [Orabug: 20192517] {CVE-2014-4027} - media-device: fix infoleak in ioctl media_enum_entities() (Salva Peiro) [Orabug: 20192501] {CVE-2014-1739} {CVE-2014-1739} - udf: Avoid infinite loop when processing indirect ICBs (Jan Kara) [Orabug: 20192449] {CVE-2014-6410} - ALSA: control: Make sure that id->index does not overflow (Lars-Peter Clausen) [Orabug: 20192418] {CVE-2014-4656} - ALSA: control: Handle numid overflow (Lars-Peter Clausen) [Orabug: 20192376] {CVE-2014-465} - HID: picolcd: sanity check report size in raw_event() callback (Jiri Kosina) [Orabug: 20192205] {CVE-2014-3186} - net: sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [Orabug: 20192059] {CVE-2014-3688}
Family: unix Class: patch
Reference(s): ELSA-2014-3104
CVE-2014-3181
CVE-2014-1739
CVE-2014-3186
CVE-2014-3688
CVE-2014-4027
CVE-2014-4652
CVE-2014-4656
CVE-2014-6410
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 1
Os 2158

Nessus® Vulnerability Scanner

Date Description
2017-10-27 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL74413297.nasl - Type : ACT_GATHER_INFO
2017-04-03 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO
2016-06-20 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL41739114.nasl - Type : ACT_GATHER_INFO
2015-08-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150722_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-07-30 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-1272.nasl - Type : ACT_GATHER_INFO
2015-07-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-1272.nasl - Type : ACT_GATHER_INFO
2015-07-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-1272.nasl - Type : ACT_GATHER_INFO
2015-06-18 Name : The remote Debian host is missing a security update.
File : debian_DLA-246.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0812-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0068-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0481-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0652-1.nasl - Type : ACT_GATHER_INFO
2015-04-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0803.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2015-0040.nasl - Type : ACT_GATHER_INFO
2015-04-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0782.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-118.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-103.nasl - Type : ACT_GATHER_INFO
2015-03-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-3012.nasl - Type : ACT_GATHER_INFO
2015-03-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0695.nasl - Type : ACT_GATHER_INFO
2015-03-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0290.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0284.nasl - Type : ACT_GATHER_INFO
2015-01-30 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0102.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150128_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0102.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0102.nasl - Type : ACT_GATHER_INFO
2014-12-26 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-141217.nasl - Type : ACT_GATHER_INFO
2014-12-26 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-141202.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3107.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-791.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-793.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3106.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3108.nasl - Type : ACT_GATHER_INFO
2014-12-18 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141216_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-12-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1997.nasl - Type : ACT_GATHER_INFO
2014-12-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1997.nasl - Type : ACT_GATHER_INFO
2014-12-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1997.nasl - Type : ACT_GATHER_INFO
2014-12-17 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15912.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3105.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141209_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3104.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3103.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1971.nasl - Type : ACT_GATHER_INFO
2014-12-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1971.nasl - Type : ACT_GATHER_INFO
2014-12-10 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1971.nasl - Type : ACT_GATHER_INFO
2014-12-05 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3096.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1843.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1843.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1843.nasl - Type : ACT_GATHER_INFO
2014-11-04 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3086.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3085.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3084.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-bigsmp-201409-140924.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140924.nasl - Type : ACT_GATHER_INFO
2014-10-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-201.nasl - Type : ACT_GATHER_INFO
2014-10-11 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2375-1.nasl - Type : ACT_GATHER_INFO
2014-10-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2374-1.nasl - Type : ACT_GATHER_INFO
2014-10-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2376-1.nasl - Type : ACT_GATHER_INFO
2014-10-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2378-1.nasl - Type : ACT_GATHER_INFO
2014-10-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2379-1.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1318.nasl - Type : ACT_GATHER_INFO
2014-09-30 Name : The remote Fedora host is missing a security update.
File : fedora_2014-11008.nasl - Type : ACT_GATHER_INFO
2014-09-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2354-1.nasl - Type : ACT_GATHER_INFO
2014-09-24 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2355-1.nasl - Type : ACT_GATHER_INFO
2014-09-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2356-1.nasl - Type : ACT_GATHER_INFO
2014-09-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2358-1.nasl - Type : ACT_GATHER_INFO
2014-09-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2359-1.nasl - Type : ACT_GATHER_INFO
2014-09-23 Name : The remote Fedora host is missing a security update.
File : fedora_2014-11097.nasl - Type : ACT_GATHER_INFO
2014-09-23 Name : The remote Fedora host is missing a security update.
File : fedora_2014-10312.nasl - Type : ACT_GATHER_INFO
2014-09-22 Name : The remote Fedora host is missing a security update.
File : fedora_2014-11031.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2337-1.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2336-1.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2334-1.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9959.nasl - Type : ACT_GATHER_INFO
2014-08-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-493.nasl - Type : ACT_GATHER_INFO
2014-08-09 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9142.nasl - Type : ACT_GATHER_INFO
2014-08-04 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-478.nasl - Type : ACT_GATHER_INFO
2014-08-04 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9010.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2014-10-02 13:27:20
  • Multiple Updates
2014-09-30 00:28:23
  • Multiple Updates
2014-09-30 00:23:13
  • First insertion