Oracle Linux 6 : rdma / stack (ELSA-2013-1661)

high Nessus Plugin ID 71110

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-1661 advisory.

ibutils [1.5.7-8]
- Add the -output patch to have programs use /var/cache/ibutils instead of /tmp Resolves: bz958569

infinipath-psm
* Thu Jan 24 2013 Jay Fenlason <[email protected]>
- Put the udev rules file in the right place Resolves: rhbz866732
- include a patch from upstream to fix undefined references Resolves: rhbz887730

[3.0.1-115.1015_open.1]
- New upstream release Resolves: rhbz818789

[2.9-926.1005_open.2]
- Add the udev rules file to close Resolves: rhbz747406

[2.9-926.1005_open.1]
- New upstream version.
Resolves: rhbz635915

* Fri Nov 05 2010 Jay Fenlason <[email protected]>
- Include the -execstack patch to get libinfinipath.so correctly labeled as not executing the stack.
Resolves: rhbz612936

[1.13-2]
- Use macros for lib and include directories, and include dist tag in release field.
- Corrected License field.
- Corrected Requires lines for libuuid.
- Add Exclusive-arch x86_64 Related: rhbz570274

[1.13-1]
- Initial build.

libibverbs [1.1.7-1]
- Update to latest upstream release
- Remove patches that are now part of upstream
- Fix ibv_srq_pingpong with negative value to -s option
- Resolves: bz879191

libmlx4 [1.0.5-4.el6.1]
- Fix dracut module for compatibility with RHEL6 version of dracut.
- Resolves: bz789121

[1.0.5-4]
- Add dracut module
- Fix URL

[1.0.5-3]
- Reduce the dependencies of the setup script even further, it no longer needs grep

[1.0.5-2]
- The setup script needs to have execute permissions

[1.0.5-1]
- Update to latest upstream
- Drop awk based setup for a bash based setup, making including the setup code on an initramfs easier
- Modernize spec file
- Related: bz950915

librdmacm [1.0.17-1]
- Official 1.0.17 release
- The fix to bug 866221 got kicked back as incomplete last time, fix it for real this time.
- Intel adapters that use the qib driver don't like using inline data, so use a memory region that is registered instead
- Resolves: bz866221, bz828071

mpitests [3.2-9]
- Backport fixes from RHEL-7 Resolves: rhbz1002332

[3.2-7]
- include BuildRequires: hwloc-devel from RHEL-7.0
- Add win_free patch to close Resolves: rhbz734023

mstflint [3.0-0.6.g6961daa.1]
- Update to newer tarball that resolves licensing issues with the last tarball
- Related: bz818183

[3.0-0.5.gff93670.1]
- Update to latest upstream version, which includes ConnectIB support
- Resolves: bz818183

openmpi [1.5.4-2.0.1]
- Obsolete openmpi-psm-devel for 32bit

[1.5.4-2]
- Fix the build process by getting rid of the -build patch and autogen to fix Resolves: rhbz749115

perftest [2.0-2]
- Fix rpmdiff detected error. Upstream overrode our cflags so stack protector got turned off.
- Related: bz806183

[2.0-1]
- Update to latest upstream release
- We had to drop ib_clock_test program as no equivalent exists in the latest release
- Resolves: bz806183, bz806185, bz830099

[1.3.0-2]
- Update to latest upstream release
- No longer strip rocee related code out, we can compile with it now
- Related: bz739138

qperf [0.4.9-1.0.1]
- Rebuild for ULN upgrade

[0.4.9-1]
- Update to latest upstream release
- Resolves: bz814909, bz840269

rdma [3.10-3.0.1]
- Append mlx4_* module parameters when insmod the modules [orabug 17429249] (Joe Jin)
- Delay load mlx4_* to prevent hung when start udev. [orabug 16897608] (Joe Jin)
- Fix FMR load, persistent ib0 subinterfaces, remove kudzu dependency (Chien Yen)
- Add SDP to rdma.conf and rdma.init (Chien Yen)
- Support Mellanox OFED 1.5.5 (Chien Yen)

[3.10-3]
- Replace an errant usage of PARENTDEVICE with PHYSDEV in ifdown-ib
- Related: bz990288

[3.10-2]
- Somehow during editing I accidentally deleted a single character from the post scriptlet. rpmdiff caught it, now I'm fixing it.
- Resolves: bz990288

[3.10-1]
- Bump version to match final kernel submission
- Add support for P_Key interfaces to ifup-ib and ifdown-ib

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2013-1661.html

Plugin Details

Severity: High

ID: 71110

File Name: oraclelinux_ELSA-2013-1661.nasl

Version: 1.13

Type: local

Agent: unix

Published: 11/27/2013

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 4.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C

CVSS Score Source: CVE-2013-2561

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2012-4516

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:libmlx4, p-cpe:/a:oracle:linux:librdmacm-static, p-cpe:/a:oracle:linux:libibverbs-devel, p-cpe:/a:oracle:linux:infinipath-psm, p-cpe:/a:oracle:linux:rdma, p-cpe:/a:oracle:linux:mpitests-mvapich, p-cpe:/a:oracle:linux:libibverbs, p-cpe:/a:oracle:linux:mpitests-mvapich-psm, p-cpe:/a:oracle:linux:openmpi, p-cpe:/a:oracle:linux:libibverbs-devel-static, p-cpe:/a:oracle:linux:ibutils, p-cpe:/a:oracle:linux:qperf, p-cpe:/a:oracle:linux:ibutils-libs, p-cpe:/a:oracle:linux:librdmacm, p-cpe:/a:oracle:linux:librdmacm-utils, p-cpe:/a:oracle:linux:ibutils-devel, p-cpe:/a:oracle:linux:libibverbs-utils, p-cpe:/a:oracle:linux:perftest, p-cpe:/a:oracle:linux:openmpi-devel, p-cpe:/a:oracle:linux:libmlx4-static, p-cpe:/a:oracle:linux:infinipath-psm-devel, p-cpe:/a:oracle:linux:mpitests-openmpi, p-cpe:/a:oracle:linux:mpitests-mvapich2, p-cpe:/a:oracle:linux:mpitests-mvapich2-psm, p-cpe:/a:oracle:linux:mstflint, p-cpe:/a:oracle:linux:librdmacm-devel, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/26/2013

Vulnerability Publication Date: 10/22/2012

Reference Information

CVE: CVE-2012-4516, CVE-2013-2561

BID: 55896, 58335

RHSA: 2013:1661