Test Kennung:	1.3.6.1.4.1.25623.1.0.123637
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2013-0744)
Zusammenfassung:	The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2013-0744 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2013-0744 advisory. Vulnerability Insight: [2.6.32-358.6.1] - [virt] kvm: accept unaligned MSR_KVM_SYSTEM_TIME writes (Petr Matousek) [917020 917021] {CVE-2013-1796} - [char] tty: hold lock across tty buffer finding and buffer filling (Prarit Bhargava) [928686 901780] - [net] tcp: fix for zero packets_in_flight was too broad (Thomas Graf) [927309 920794] - [net] tcp: frto should not set snd_cwnd to 0 (Thomas Graf) [927309 920794] - [net] tcp: fix an infinite loop in tcp_slow_start() (Thomas Graf) [927309 920794] - [net] tcp: fix ABC in tcp_slow_start() (Thomas Graf) [927309 920794] - [netdrv] ehea: avoid accessing a NULL vgrp (Steve Best) [921535 911359] - [net] sunrpc: Get rid of the redundant xprt->shutdown bit field (J. Bruce Fields) [915579 893584] - [virt] kvm: do not #GP on unaligned MSR_KVM_SYSTEM_TIME write (Gleb Natapov) [917020 917021] {CVE-2013-1796} - [drm] i915: bounds check execbuffer relocation count (Nikola Pajkovsky) [920523 920525] {CVE-2013-0913} - [x86] irq: add quirk for broken interrupt remapping on 55XX chipsets (Neil Horman) [911267 887006] - [kvm] Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (Gleb Natapov) [917024 917025] {CVE-2013-1797} - [kvm] Fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (Gleb Natapov) [917020 917021] {CVE-2013-1796} - [kvm] Fix bounds checking in ioapic indirect register reads (Gleb Natapov) [917030 917032] {CVE-2013-1798} - [kvm] x86: release kvmclock page on reset (Gleb Natapov) [917024 917025] {CVE-2013-1797} - [security] keys: Fix race with concurrent install_user_keyrings() (David Howells) [916681 913258] {CVE-2013-1792} - [virt] hv_balloon: Make adjustments to the pressure report (Jason Wang) [909156 902232] [2.6.32-358.5.1] - [fs] xfs: use maximum schedule timeout when ail is empty (Brian Foster) [921958 883905] - [net] xfrm_user: fix info leak in copy_to_user_tmpl() (Thomas Graf) [922428 922429] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_policy() (Thomas Graf) [922428 922429] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_state() (Thomas Graf) [922428 922429] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_auth() (Thomas Graf) [922428 922429] {CVE-2012-6537} - [net] atm: fix info leak in getsockopt(SO_ATMPVC) (Thomas Graf) [922386 922387] {CVE-2012-6546} - [net] atm: fix info leak via getsockname() (Thomas Graf) [922386 922387] {CVE-2012-6546} - [fs] nls: improve UTF8 -> UTF16 string conversion routine (Nikola Pajkovsky) [916118 916119] {CVE-2013-1773} - [fs] fat: Fix stat->f_namelen (Nikola Pajkovsky) [916118 916119] {CVE-2013-1773} - [netdrv] tun: fix ioctl() based info leaks (Thomas Graf) [922350 922351] {CVE-2012-6547} - [virt] x86: Add a check to catch Xen emulation of Hyper-V (Andrew Jones) [923204 918239] - [fs] cifs: fix expand_dfs_referral (Sachin Prabhu) [923098 902492] - [fs] cifs: factor smb_vol allocation out of cifs_setup_volume_info (Sachin Prabhu) [923098 ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-6537 http://www.openwall.com/lists/oss-security/2013/03/05/13 RedHat Security Advisories: RHSA-2013:0744 http://rhn.redhat.com/errata/RHSA-2013-0744.html http://www.ubuntu.com/usn/USN-1792-1 http://www.ubuntu.com/usn/USN-1798-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-6546 http://www.ubuntu.com/usn/USN-1805-1 http://www.ubuntu.com/usn/USN-1808-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-6547 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 Common Vulnerability Exposure (CVE) ID: CVE-2013-0349 RHSA-2013:0744 USN-1805-1 USN-1808-1 [oss-security] 20130222 Re: CVE request: Linux kernel: Bluetooth HIDP information disclosure http://www.openwall.com/lists/oss-security/2013/02/23/3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0a9ab9bdb3e891762553f667066190c1d22ad62b http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.6 https://bugzilla.redhat.com/show_bug.cgi?id=914298 https://github.com/torvalds/linux/commit/0a9ab9bdb3e891762553f667066190c1d22ad62b Common Vulnerability Exposure (CVE) ID: CVE-2013-0913 https://lkml.org/lkml/2013/3/11/501 http://openwall.com/lists/oss-security/2013/03/11/6 http://openwall.com/lists/oss-security/2013/03/13/9 http://openwall.com/lists/oss-security/2013/03/14/22 SuSE Security Announcement: openSUSE-SU-2013:0847 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html SuSE Security Announcement: openSUSE-SU-2013:0925 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html http://www.ubuntu.com/usn/USN-1809-1 http://www.ubuntu.com/usn/USN-1811-1 http://www.ubuntu.com/usn/USN-1812-1 http://www.ubuntu.com/usn/USN-1813-1 http://www.ubuntu.com/usn/USN-1814-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-1767 MDVSA-2013:176 RHSA-2013:0882 http://rhn.redhat.com/errata/RHSA-2013-0882.html RHSA-2013:0928 http://rhn.redhat.com/errata/RHSA-2013-0928.html USN-1787-1 http://www.ubuntu.com/usn/USN-1787-1 USN-1788-1 http://www.ubuntu.com/usn/USN-1788-1 USN-1792-1 USN-1793-1 http://www.ubuntu.com/usn/USN-1793-1 USN-1794-1 http://www.ubuntu.com/usn/USN-1794-1 USN-1795-1 http://www.ubuntu.com/usn/USN-1795-1 USN-1796-1 http://www.ubuntu.com/usn/USN-1796-1 USN-1797-1 http://www.ubuntu.com/usn/USN-1797-1 USN-1798-1 [oss-security] 20130225 Re: kernel: tmpfs use-after-free http://www.openwall.com/lists/oss-security/2013/02/25/23 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5f00110f7273f9ff04ac69a5f85bb535a4fd0987 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10 https://bugzilla.redhat.com/show_bug.cgi?id=915592 https://github.com/torvalds/linux/commit/5f00110f7273f9ff04ac69a5f85bb535a4fd0987 openSUSE-SU-2013:0847 openSUSE-SU-2013:0925 Common Vulnerability Exposure (CVE) ID: CVE-2013-1773 23248 http://www.exploit-db.com/exploits/23248/ 58200 http://www.securityfocus.com/bid/58200 88310 http://www.osvdb.org/88310 RHSA-2013:1026 http://rhn.redhat.com/errata/RHSA-2013-1026.html [oss-security] 20130226 Re: CVE request - Linux kernel: VFAT slab-based buffer overflow http://www.openwall.com/lists/oss-security/2013/02/26/8 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2 https://bugzilla.redhat.com/show_bug.cgi?id=916115 https://github.com/torvalds/linux/commit/0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd Common Vulnerability Exposure (CVE) ID: CVE-2013-1774 SUSE-SU-2013:1182 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html SUSE-SU-2013:1474 http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html [oss-security] 20130227 Re: CVE request: Linux kernel: USB: io_ti: NULL pointer dereference http://www.openwall.com/lists/oss-security/2013/02/27/29 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1ee0a224bc9aad1de496c795f96bc6ba2c394811 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.4 http://xorl.wordpress.com/2013/05/18/cve-2013-1774-linux-kernel-edgeport-usb-serial-converter-null-pointer-dereference/ https://bugzilla.redhat.com/show_bug.cgi?id=916191 https://github.com/torvalds/linux/commit/1ee0a224bc9aad1de496c795f96bc6ba2c394811 Common Vulnerability Exposure (CVE) ID: CVE-2013-1792 [oss-security] 20130307 CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings() http://www.openwall.com/lists/oss-security/2013/03/07/1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0da9dfdd2cd9889201bc6f6f43580c99165cd087 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3 https://bugzilla.redhat.com/show_bug.cgi?id=916646 https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087 openSUSE-SU-2013:1187 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html openSUSE-SU-2014:0204 http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2013-1796 58607 http://www.securityfocus.com/bid/58607 RHSA-2013:0727 http://rhn.redhat.com/errata/RHSA-2013-0727.html RHSA-2013:0746 http://rhn.redhat.com/errata/RHSA-2013-0746.html USN-1809-1 USN-1812-1 USN-1813-1 [oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8] http://www.openwall.com/lists/oss-security/2013/03/20/9 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c300aa64ddf57d9c5d9c898a64b36877345dd4a9 https://bugzilla.redhat.com/show_bug.cgi?id=917012 https://github.com/torvalds/linux/commit/c300aa64ddf57d9c5d9c898a64b36877345dd4a9 Common Vulnerability Exposure (CVE) ID: CVE-2013-1797 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0b79459b482e85cb7426aa7da683a9f2c97aeae1 https://bugzilla.redhat.com/show_bug.cgi?id=917013 https://github.com/torvalds/linux/commit/0b79459b482e85cb7426aa7da683a9f2c97aeae1 Common Vulnerability Exposure (CVE) ID: CVE-2013-1798 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a2c118bfab8bc6b8bb213abfc35201e441693d55 http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html https://bugzilla.redhat.com/show_bug.cgi?id=917017 https://github.com/torvalds/linux/commit/a2c118bfab8bc6b8bb213abfc35201e441693d55 Common Vulnerability Exposure (CVE) ID: CVE-2013-1826 USN-1829-1 http://www.ubuntu.com/usn/USN-1829-1 [oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs http://www.openwall.com/lists/oss-security/2013/03/07/2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7 https://bugzilla.redhat.com/show_bug.cgi?id=919384 https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836 Common Vulnerability Exposure (CVE) ID: CVE-2013-1827 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=276bdb82dedb290511467a5a4fdbe9f0b52dce6f http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4 https://bugzilla.redhat.com/show_bug.cgi?id=919164 https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.