Test Kennung:	1.3.6.1.4.1.25623.1.0.122239
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2011-0283)
Zusammenfassung:	The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2011-0283 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2011-0283 advisory. Vulnerability Insight: [2.6.32-71.18.1.el6] - [netdrv] ixgbe: make sure FCoE DDP user buffers are really released by the HW (Frantisek Hrbata) [674002 617193] - [netdrv] ixgbe: invalidate FCoE DDP context when no error status is available (Frantisek Hrbata) [674002 617193] - [netdrv] ixgbe: avoid doing FCoE DDP when adapter is DOWN or RESETTING (Frantisek Hrbata) [674002 617193] - [fcoe] libfc: remove tgt_flags from fc_fcp_pkt struct (Mike Christie) [666797 633915] - [fcoe] libfc: use rport timeout values for fcp recovery (Frantisek Hrbata) [666797 633915] - [fcoe] libfc: incorrect scsi host byte codes returned to scsi-ml (Mike Christie) [666797 633915] - [scsi] scsi_dh_alua: fix overflow in alua_rtpg port group id check (Mike Snitzer) [673978 670572] [2.6.32-71.17.1.el6] - [s390x] kdump: allow zfcpdump to mount and write to ext4 file systems (Amerigo Wang) [661667 628676] - [scsi] qla2xxx: Properly set the return value in function qla2xxx_eh_abort (Chad Dupuis) [664398 635710] - [scsi] qla2xxx: Drop srb reference before waiting for completion (Chad Dupuis) [664398 635710] - [virt] KVM: VMX: Really clear cr0.ts when giving the guest ownership of the fpu (Avi Kivity) [658891 645898] - [virt] KVM: SVM: Initialize fpu_active in init_vmcb() (Avi Kivity) [658891 645898] - [virt] KVM: x86: Use unlazy_fpu() for host FPU (Avi Kivity) [658891 645898] - [virt] KVM: Set cr0.et when the guest writes cr0 (Avi Kivity) [658891 645898] - [virt] KVM: VMX: Give the guest ownership of cr0.ts when the fpu is active (Avi Kivity) [658891 645898] - [virt] KVM: Lazify fpu activation and deactivation (Avi Kivity) [658891 645898] - [virt] KVM: VMX: Allow the guest to own some cr0 bits (Avi Kivity) [658891 645898] - [virt] KVM: Replace read accesses of vcpu->arch.cr0 by an accessor (Avi Kivity) [658891 645898] - [virt] KVM: VMX: trace clts and lmsw instructions as cr accesses (Avi Kivity) [658891 645898] [2.6.32-71.16.1.el6] - [net] ipsec: fragment locally generated tunnel-mode IPSec6 packets as needed (Herbert Xu) [670421 661113] - [net] tcp: Increase TCP_MAXSEG socket option minimum to TCP_MIN_MSS (Frantisek Hrbata) [652510 652511] {CVE-2010-4165} - [perf] perf_events: Fix perf_counter_mmap() hook in mprotect() (Oleg Nesterov) [651672 651673] {CVE-2010-4169} - [md] dm mpath: revert 'dm: Call blk_abort_queue on failed paths' (Mike Snitzer) [658854 636771] - [x86] UV: Address interrupt/IO port operation conflict (George Beshers) [662921 659480] - [mm] guard page for stacks that grow upwards (Johannes Weiner) [666796 630562] - [scsi] enable state transitions from OFFLINE to RUNNING (Mike Christie) [660590 643237] - [scsi] set queue limits no_cluster for stacked devices (Mike Snitzer) [662050 658293] - [mm] Out-of-memory under memory cgroup can call both of oom-killer-for-memcg and oom-killer-for-page-fault (Larry Woodman) [661732 592879] - [scsi] libfc: possible race could panic system due to NULL fsp->cmd (Mike ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4165 42778 http://secunia.com/advisories/42778 42801 http://secunia.com/advisories/42801 42932 http://secunia.com/advisories/42932 44830 http://www.securityfocus.com/bid/44830 69241 http://www.osvdb.org/69241 8111 http://securityreason.com/securityalert/8111 8123 http://securityreason.com/securityalert/8123 ADV-2011-0012 http://www.vupen.com/english/advisories/2011/0012 ADV-2011-0124 http://www.vupen.com/english/advisories/2011/0124 ADV-2011-0298 http://www.vupen.com/english/advisories/2011/0298 MDVSA-2011:029 http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 MDVSA-2011:051 http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 SUSE-SA:2011:001 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html SUSE-SA:2011:002 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html SUSE-SA:2011:004 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html SUSE-SA:2011:007 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html [netdev] 20101110 Re: possible kernel oops from user MSS http://www.spinics.net/lists/netdev/msg146495.html [netdev] 20101110 possible kernel oops from user MSS http://www.spinics.net/lists/netdev/msg146405.html [oss-security] 20101112 CVE request: kernel: possible kernel oops from user MSS http://www.openwall.com/lists/oss-security/2010/11/12/1 [oss-security] 20101112 Re: CVE request: kernel: possible kernel oops from user MSS http://www.openwall.com/lists/oss-security/2010/11/12/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7a1abd08d52fdeddb3e9a5a33f2f15cc6a5674d2 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2 https://bugzilla.redhat.com/show_bug.cgi?id=652508 Common Vulnerability Exposure (CVE) ID: CVE-2010-4169 42745 http://secunia.com/advisories/42745 44861 http://www.securityfocus.com/bid/44861 ADV-2010-3321 http://www.vupen.com/english/advisories/2010/3321 FEDORA-2010-18983 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html RHSA-2010:0958 http://www.redhat.com/support/errata/RHSA-2010-0958.html [oss-security] 20101115 CVE request: kernel: perf bug http://marc.info/?l=oss-security&m=128979684911295&w=2 [oss-security] 20101115 Re: CVE request: kernel: perf bug http://marc.info/?l=oss-security&m=128984344103497&w=2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=63bfd7384b119409685a17d5c58f0b56e5dc03da https://bugzilla.redhat.com/show_bug.cgi?id=651671 kernel-perfeventmmap-dos(63316) https://exchange.xforce.ibmcloud.com/vulnerabilities/63316 Common Vulnerability Exposure (CVE) ID: CVE-2010-4243 15619 http://www.exploit-db.com/exploits/15619 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console http://www.securityfocus.com/archive/1/520102/100/0/threaded 42884 http://secunia.com/advisories/42884 45004 http://www.securityfocus.com/bid/45004 46397 http://secunia.com/advisories/46397 RHSA-2011:0017 http://www.redhat.com/support/errata/RHSA-2011-0017.html [linux-kernel] 20100827 [PATCH] exec argument expansion can inappropriately trigger OOM-killer http://lkml.org/lkml/2010/8/27/429 [linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer http://lkml.org/lkml/2010/8/29/206 http://lkml.org/lkml/2010/8/30/138 http://lkml.org/lkml/2010/8/30/378 [linux-kernel] 20101130 [PATCH 1/2] exec: make argv/envp memory visible to oom-killer http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html [oss-security] 20101122 CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads http://openwall.com/lists/oss-security/2010/11/22/6 [oss-security] 20101122 Re: CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads http://openwall.com/lists/oss-security/2010/11/22/15 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c http://grsecurity.net/~spender/64bit_dos.c http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/show_bug.cgi?id=625688 linux-kernel-execve-dos(64700) https://exchange.xforce.ibmcloud.com/vulnerabilities/64700
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.