Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2012-2038)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.123793

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2012-2038)

Zusammenfassung: The remote host is missing an update for the 'kernel-uek, mlnx_en-2.6.32-300.37.1.el5uek, mlnx_en-2.6.32-300.37.1.el6uek, ofa-2.6.32-300.37.1.el5uek, ofa-2.6.32-300.37.1.el6uek' package(s) announced via the ELSA-2012-2038 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'kernel-uek, mlnx_en-2.6.32-300.37.1.el5uek, mlnx_en-2.6.32-300.37.1.el6uek, ofa-2.6.32-300.37.1.el5uek, ofa-2.6.32-300.37.1.el6uek' package(s) announced via the ELSA-2012-2038 advisory.

Vulnerability Insight:
[2.6.32-300.37.1.]
- sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE (Ben Hutchings) [Orabug: 14769994]
- CVE-2012-3412 sfc: Fix maximum number of TSO segments and minimum TX queue size (Ben Hutchings) [Orabug: 14769994] {CVE-2012-3412}

[2.6.32-300.36.1.]
- dl2k: Clean up rio_ioctl (Stephan Mueller) [Orabug: 14675306] {CVE-2012-2313}
- hugetlb: fix resv_map leak in error path (Christoph Lameter) [Orabug: 14676403] {CVE-2012-2390}
- rds: set correct msg_namelen (Jay Fenlason) [Orabug: 14676504] {CVE-2012-3430}

[2.6.32-300.35.1.]
- oracleasm: Bring driver in sync with UEK2 (Martin K. Petersen)
- Fix system hang due to bad protection module parameters (CR 130769) (Martin
K. Petersen)
- sd: Avoid remapping bad reference tags (Martin K. Petersen)
- block: Fix bad range check in bio_sector_offset (Martin K. Petersen)

[2.6.32-300.34.1.]
- htrimer: fix kabi breakage (Joe Jin)
- 2.6.32.x: timekeeping: Add missing update call in timekeeping_resume()
(Thomas Gleixner)
- 2.6.32.x: hrtimer: Update hrtimer base offsets each hrtimer_interrupt (John
Stultz)
- 2.6.32.x: timekeeping: Provide hrtimer update function (Thomas Gleixner)
- 2.6.32.x: hrtimers: Move lock held region in hrtimer_interrupt() (Thomas
Gleixner)
- 2.6.32.x: timekeeping: Maintain ktime_t based offsets for hrtimers (Thomas
Gleixner)
- 2.6.32.x: timekeeping: Fix leapsecond triggered load spike issue (John
Stultz)
- 2.6.32.x: hrtimer: Provide clock_was_set_delayed() (John Stultz)
- 2.6.32.x: time: Move common updates to a function (Thomas Gleixner)
- 2.6.32.x: timekeeping: Fix CLOCK_MONOTONIC inconsistency during leapsecond
(John Stultz)
- 2.6.32.x: ntp: Correct TAI offset during leap second (Richard Cochran)
- 2.6.32.x: ntp: Fix leap-second hrtimer livelock (John Stultz)
- Revert '2.6.32.x: hrtimer: Fix clock_was_set so it is safe to call from irq
context' (Joe Jin)
- Revert '2.6.32.x: time: Fix leapsecond triggered hrtimer/futex load spike
issue' (Joe Jin)
- Revert '2.6.32.x: hrtimer: Update hrtimer base offsets each
hrtimer_interrupt' (Joe Jin)

[2.6.32-300.33.1.]
- mpt2sas: Update mpt2sas to 120.105.11.00 (Guru Anbalagane) [Orabug: 14376481]
- Revert 'mpt2sas: update to 12.105.11.00' (Maxim Uvarov)

Affected Software/OS:
'kernel-uek, mlnx_en-2.6.32-300.37.1.el5uek, mlnx_en-2.6.32-300.37.1.el6uek, ofa-2.6.32-300.37.1.el5uek, ofa-2.6.32-300.37.1.el6uek' package(s) on Oracle Linux 5, Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-3412
50633
http://secunia.com/advisories/50633
50732
http://secunia.com/advisories/50732
50811
http://secunia.com/advisories/50811
51193
http://secunia.com/advisories/51193
RHSA-2012:1323
http://rhn.redhat.com/errata/RHSA-2012-1323.html
RHSA-2012:1324
http://rhn.redhat.com/errata/RHSA-2012-1324.html
RHSA-2012:1347
http://rhn.redhat.com/errata/RHSA-2012-1347.html
RHSA-2012:1375
http://rhn.redhat.com/errata/RHSA-2012-1375.html
RHSA-2012:1401
http://rhn.redhat.com/errata/RHSA-2012-1401.html
RHSA-2012:1430
http://rhn.redhat.com/errata/RHSA-2012-1430.html
SUSE-SU-2012:1679
https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html
USN-1567-1
http://www.ubuntu.com/usn/USN-1567-1
USN-1568-1
http://www.ubuntu.com/usn/USN-1568-1
USN-1572-1
http://www.ubuntu.com/usn/USN-1572-1
USN-1575-1
http://www.ubuntu.com/usn/USN-1575-1
USN-1577-1
http://www.ubuntu.com/usn/USN-1577-1
USN-1578-1
http://www.ubuntu.com/usn/USN-1578-1
USN-1579-1
http://www.ubuntu.com/usn/USN-1579-1
USN-1580-1
http://www.ubuntu.com/usn/USN-1580-1
[oss-security] 20120803 Remote DoS in Linux sfc driver through TCP MSS option (CVE-2012-3412)
http://www.openwall.com/lists/oss-security/2012/08/03/4
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30
https://bugzilla.redhat.com/show_bug.cgi?id=844714
https://github.com/torvalds/linux/commit/68cb695ccecf949d48949e72f8ce591fdaaa325c
openSUSE-SU-2012:1330
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.123793
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2012-2038)
Zusammenfassung:	The remote host is missing an update for the 'kernel-uek, mlnx_en-2.6.32-300.37.1.el5uek, mlnx_en-2.6.32-300.37.1.el6uek, ofa-2.6.32-300.37.1.el5uek, ofa-2.6.32-300.37.1.el6uek' package(s) announced via the ELSA-2012-2038 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel-uek, mlnx_en-2.6.32-300.37.1.el5uek, mlnx_en-2.6.32-300.37.1.el6uek, ofa-2.6.32-300.37.1.el5uek, ofa-2.6.32-300.37.1.el6uek' package(s) announced via the ELSA-2012-2038 advisory. Vulnerability Insight: [2.6.32-300.37.1.] - sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE (Ben Hutchings) [Orabug: 14769994] - CVE-2012-3412 sfc: Fix maximum number of TSO segments and minimum TX queue size (Ben Hutchings) [Orabug: 14769994] {CVE-2012-3412} [2.6.32-300.36.1.] - dl2k: Clean up rio_ioctl (Stephan Mueller) [Orabug: 14675306] {CVE-2012-2313} - hugetlb: fix resv_map leak in error path (Christoph Lameter) [Orabug: 14676403] {CVE-2012-2390} - rds: set correct msg_namelen (Jay Fenlason) [Orabug: 14676504] {CVE-2012-3430} [2.6.32-300.35.1.] - oracleasm: Bring driver in sync with UEK2 (Martin K. Petersen) - Fix system hang due to bad protection module parameters (CR 130769) (Martin K. Petersen) - sd: Avoid remapping bad reference tags (Martin K. Petersen) - block: Fix bad range check in bio_sector_offset (Martin K. Petersen) [2.6.32-300.34.1.] - htrimer: fix kabi breakage (Joe Jin) - 2.6.32.x: timekeeping: Add missing update call in timekeeping_resume() (Thomas Gleixner) - 2.6.32.x: hrtimer: Update hrtimer base offsets each hrtimer_interrupt (John Stultz) - 2.6.32.x: timekeeping: Provide hrtimer update function (Thomas Gleixner) - 2.6.32.x: hrtimers: Move lock held region in hrtimer_interrupt() (Thomas Gleixner) - 2.6.32.x: timekeeping: Maintain ktime_t based offsets for hrtimers (Thomas Gleixner) - 2.6.32.x: timekeeping: Fix leapsecond triggered load spike issue (John Stultz) - 2.6.32.x: hrtimer: Provide clock_was_set_delayed() (John Stultz) - 2.6.32.x: time: Move common updates to a function (Thomas Gleixner) - 2.6.32.x: timekeeping: Fix CLOCK_MONOTONIC inconsistency during leapsecond (John Stultz) - 2.6.32.x: ntp: Correct TAI offset during leap second (Richard Cochran) - 2.6.32.x: ntp: Fix leap-second hrtimer livelock (John Stultz) - Revert '2.6.32.x: hrtimer: Fix clock_was_set so it is safe to call from irq context' (Joe Jin) - Revert '2.6.32.x: time: Fix leapsecond triggered hrtimer/futex load spike issue' (Joe Jin) - Revert '2.6.32.x: hrtimer: Update hrtimer base offsets each hrtimer_interrupt' (Joe Jin) [2.6.32-300.33.1.] - mpt2sas: Update mpt2sas to 120.105.11.00 (Guru Anbalagane) [Orabug: 14376481] - Revert 'mpt2sas: update to 12.105.11.00' (Maxim Uvarov) Affected Software/OS: 'kernel-uek, mlnx_en-2.6.32-300.37.1.el5uek, mlnx_en-2.6.32-300.37.1.el6uek, ofa-2.6.32-300.37.1.el5uek, ofa-2.6.32-300.37.1.el6uek' package(s) on Oracle Linux 5, Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3412 50633 http://secunia.com/advisories/50633 50732 http://secunia.com/advisories/50732 50811 http://secunia.com/advisories/50811 51193 http://secunia.com/advisories/51193 RHSA-2012:1323 http://rhn.redhat.com/errata/RHSA-2012-1323.html RHSA-2012:1324 http://rhn.redhat.com/errata/RHSA-2012-1324.html RHSA-2012:1347 http://rhn.redhat.com/errata/RHSA-2012-1347.html RHSA-2012:1375 http://rhn.redhat.com/errata/RHSA-2012-1375.html RHSA-2012:1401 http://rhn.redhat.com/errata/RHSA-2012-1401.html RHSA-2012:1430 http://rhn.redhat.com/errata/RHSA-2012-1430.html SUSE-SU-2012:1679 https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html USN-1567-1 http://www.ubuntu.com/usn/USN-1567-1 USN-1568-1 http://www.ubuntu.com/usn/USN-1568-1 USN-1572-1 http://www.ubuntu.com/usn/USN-1572-1 USN-1575-1 http://www.ubuntu.com/usn/USN-1575-1 USN-1577-1 http://www.ubuntu.com/usn/USN-1577-1 USN-1578-1 http://www.ubuntu.com/usn/USN-1578-1 USN-1579-1 http://www.ubuntu.com/usn/USN-1579-1 USN-1580-1 http://www.ubuntu.com/usn/USN-1580-1 [oss-security] 20120803 Remote DoS in Linux sfc driver through TCP MSS option (CVE-2012-3412) http://www.openwall.com/lists/oss-security/2012/08/03/4 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30 https://bugzilla.redhat.com/show_bug.cgi?id=844714 https://github.com/torvalds/linux/commit/68cb695ccecf949d48949e72f8ce591fdaaa325c openSUSE-SU-2012:1330 http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html
Copyright	Copyright (C) 2015 Greenbone AG