Test Kennung:	1.3.6.1.4.1.25623.1.0.123612
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2013-2534)
Zusammenfassung:	The remote host is missing an update for the 'kernel-uek, mlnx_en-2.6.32-400.29.1.el5uek, mlnx_en-2.6.32-400.29.1.el6uek, ofa-2.6.32-400.29.1.el5uek, ofa-2.6.32-400.29.1.el6uek' package(s) announced via the ELSA-2013-2534 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel-uek, mlnx_en-2.6.32-400.29.1.el5uek, mlnx_en-2.6.32-400.29.1.el6uek, ofa-2.6.32-400.29.1.el5uek, ofa-2.6.32-400.29.1.el6uek' package(s) announced via the ELSA-2013-2534 advisory. Vulnerability Insight: [2.6.32-400.29.1] - KVM: add missing void __user COPYING CREDITS Documentation Kbuild MAINTAINERS Makefile README REPORTING-BUGS arch block crypto drivers firmware fs include init ipc kernel lib mm net samples scripts security sound tools uek-rpm usr virt cast to access_ok() call (Heiko Carstens) [Orabug: 16941620] {CVE-2013-1943} - KVM: Validate userspace_addr of memslot when registered (Takuya Yoshikawa) [Orabug: 16941620] {CVE-2013-1943} [2.6.32-400.28.1] - do_add_mount()/umount -l races (Jerry Snitselaar) [Orabug: 16311974] - tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: 16837019] {CVE-2013-1929} - USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16837003] {CVE-2013-1860} - bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: 16579025] - sched: Fix ancient race in do_exit() (Joe Jin) - open debug in page_move_anon_rmap by default. (Xiaowei.Hu) [Orabug: 14046035] - block: default SCSI command filter does not accommodate commands overlap across device classes (Jamie Iles) [Orabug: 16387136] {CVE-2012-4542} - vma_adjust: fix the copying of anon_vma chains (Linus Torvalds) [Orabug: 14046035] - xen-netfront: delay gARP until backend switches to Connected (Laszlo Ersek) [Orabug: 16182568] - svcrpc: don't hold sv_lock over svc_xprt_put() (J. Bruce Fields) [Orabug: 16032824] - mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16603569] {CVE-2012-5517} - ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711062] {CVE-2013-0349} - dccp: check ccid before dereferencing (Mathias Krause) [Orabug: 16711040] {CVE-2013-1827} - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425435] {CVE-2013-1774} - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493369] {CVE-2013-1792} - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710937] {CVE-2013-1798} - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Jerry Snitselaar) [Orabug: 16710794] {CVE-2013-1796} [2.6.32-400.27.1] - net/tun: fix ioctl() based info leaks (Mathias Krause) [Orabug: 16675501] {CVE-2012-6547} - atm: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - atm: fix info leak in getsockopt(SO_ATMPVC) (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - xfrm_user: fix info leak in copy_to_user_tmpl() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel-uek, mlnx_en-2.6.32-400.29.1.el5uek, mlnx_en-2.6.32-400.29.1.el6uek, ofa-2.6.32-400.29.1.el5uek, ofa-2.6.32-400.29.1.el6uek' package(s) on Oracle Linux 5, Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4542 RHSA-2013:0496 http://rhn.redhat.com/errata/RHSA-2013-0496.html RHSA-2013:0579 http://rhn.redhat.com/errata/RHSA-2013-0579.html RHSA-2013:0882 http://rhn.redhat.com/errata/RHSA-2013-0882.html RHSA-2013:0928 http://rhn.redhat.com/errata/RHSA-2013-0928.html [linux-kernel] 20130124 [PATCH 00/13] Corrections and customization of the SG_IO command whitelist (CVE-2012-4542) http://marc.info/?l=linux-kernel&m=135903967015813&w=2 [linux-kernel] 20130124 [PATCH 04/13] sg_io: resolve conflicts between commands assigned to multiple classes (CVE-2012-4542) http://marc.info/?l=linux-kernel&m=135904012416042&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=875360 https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=76a274e17114abf1a77de6b651424648ce9e10c8 Common Vulnerability Exposure (CVE) ID: CVE-2012-6542 http://www.openwall.com/lists/oss-security/2013/03/05/13 RedHat Security Advisories: RHSA-2013:1645 http://rhn.redhat.com/errata/RHSA-2013-1645.html http://www.ubuntu.com/usn/USN-1805-1 http://www.ubuntu.com/usn/USN-1808-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-1860 58510 http://www.securityfocus.com/bid/58510 MDVSA-2013:176 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 RHSA-2014:0328 http://rhn.redhat.com/errata/RHSA-2014-0328.html RHSA-2014:0339 http://rhn.redhat.com/errata/RHSA-2014-0339.html USN-1809-1 http://www.ubuntu.com/usn/USN-1809-1 USN-1811-1 http://www.ubuntu.com/usn/USN-1811-1 USN-1812-1 http://www.ubuntu.com/usn/USN-1812-1 USN-1813-1 http://www.ubuntu.com/usn/USN-1813-1 USN-1814-1 http://www.ubuntu.com/usn/USN-1814-1 USN-1829-1 http://www.ubuntu.com/usn/USN-1829-1 [oss-security] 20130314 Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device http://www.openwall.com/lists/oss-security/2013/03/15/3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c0f5ecee4e741667b2493c742b60b6218d40b3aa http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4 https://bugzilla.redhat.com/show_bug.cgi?id=921970 https://github.com/torvalds/linux/commit/c0f5ecee4e741667b2493c742b60b6218d40b3aa Common Vulnerability Exposure (CVE) ID: CVE-2013-1929 FEDORA-2013-5368 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101836.html RHSA-2013:1645 SUSE-SU-2013:1473 http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html SUSE-SU-2013:1474 http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html USN-1834-1 http://www.ubuntu.com/usn/USN-1834-1 USN-1835-1 http://www.ubuntu.com/usn/USN-1835-1 USN-1836-1 http://www.ubuntu.com/usn/USN-1836-1 USN-1838-1 http://www.ubuntu.com/usn/USN-1838-1 [oss-security] 20130405 Re: CVE Request: tg3 VPD firmware -> driver injection http://www.openwall.com/lists/oss-security/2013/04/06/3 http://cansecwest.com/slides/2013/PrivateCore%20CSW%202013.pdf http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=715230a44310a8cf66fbfb5a46f9a62a9b2de424 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.6 https://bugzilla.redhat.com/show_bug.cgi?id=949932 https://github.com/torvalds/linux/commit/715230a44310a8cf66fbfb5a46f9a62a9b2de424 openSUSE-SU-2013:1971 http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html Common Vulnerability Exposure (CVE) ID: CVE-2013-1943 USN-1939-1 http://www.ubuntu.com/usn/USN-1939-1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa3d315a4ce2c0891cdde262562e710d95fba19e http://web.archive.org/web/20130329070349/http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0 https://bugzilla.redhat.com/show_bug.cgi?id=950490 https://github.com/torvalds/linux/commit/fa3d315a4ce2c0891cdde262562e710d95fba19e
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.