Red Hat Local Security Checks : RedHat Security Advisory RHSA-2012:1481

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72583

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2012:1481

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2012:1481.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A flaw was found in the way the Linux kernel's dl2k driver, used by
certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local,
unprivileged user could use this flaw to issue potentially harmful IOCTLs,
which could cause Ethernet adapters using the dl2k driver to malfunction
(for example, losing network connectivity). (CVE-2012-2313, Low)

Red Hat would like to thank Stephan Mueller for reporting this issue.

This update also fixes the following bugs:

* The QLogic netxen_nic driver has been upgraded to version 4.0.75, which
provides several bug fixes. This update also allows users to set speed and
automatic negotiation parameters for Gigabit Ethernet (GbE) ports. Note
that QLogic devices do not support half-duplex data transmission at the
moment. (BZ#865304)

* When the ext3_dx_add_entry() function had to split a directory index
node, it had to ensure that the name_len variable of the new dx_node's
fake_dirent structure was set to zero. Otherwise, the e2fsck tool did not
recognize it as an intermediate htree node and considered the htree node to
be corrupted. The dx_node's fake_dirent structure is now always explicitly
set to zero, which prevents the corruption in this scenario. (BZ#866548)

* Previously, the error cleanup logic was incorrect: once an error was
detected, the same error was reported on every polling cycle (the default
behavior is to poll every second). This caused an excessive amount of Error
Detection And Correction (EDAC) messages to be logged in the
/var/log/messages file. This update fixes the error cleanup logic, which
prevents the unnecessary messages from being logged. (BZ#866796)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2012-1481.html

Risk factor : Low

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-2313
53965
http://www.securityfocus.com/bid/53965
HPSBGN02970
http://marc.info/?l=bugtraq&m=139447903326211&w=2
RHSA-2012:1174
http://rhn.redhat.com/errata/RHSA-2012-1174.html
RHSA-2012:1481
http://rhn.redhat.com/errata/RHSA-2012-1481.html
RHSA-2012:1541
http://rhn.redhat.com/errata/RHSA-2012-1541.html
RHSA-2012:1589
http://rhn.redhat.com/errata/RHSA-2012-1589.html
SUSE-SU-2015:0812
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
[oss-security] 20120504 Re: CVE Request: more tight ioctl permissions in dl2k driver
http://www.openwall.com/lists/oss-security/2012/05/04/8
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1bb57e940e1958e40d51f2078f50c3a96a9b2d75
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.7
https://bugzilla.redhat.com/show_bug.cgi?id=818820
https://github.com/torvalds/linux/commit/1bb57e940e1958e40d51f2078f50c3a96a9b2d75

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72583
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2012:1481
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2012:1481. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A flaw was found in the way the Linux kernel's dl2k driver, used by certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local, unprivileged user could use this flaw to issue potentially harmful IOCTLs, which could cause Ethernet adapters using the dl2k driver to malfunction (for example, losing network connectivity). (CVE-2012-2313, Low) Red Hat would like to thank Stephan Mueller for reporting this issue. This update also fixes the following bugs: * The QLogic netxen_nic driver has been upgraded to version 4.0.75, which provides several bug fixes. This update also allows users to set speed and automatic negotiation parameters for Gigabit Ethernet (GbE) ports. Note that QLogic devices do not support half-duplex data transmission at the moment. (BZ#865304) * When the ext3_dx_add_entry() function had to split a directory index node, it had to ensure that the name_len variable of the new dx_node's fake_dirent structure was set to zero. Otherwise, the e2fsck tool did not recognize it as an intermediate htree node and considered the htree node to be corrupted. The dx_node's fake_dirent structure is now always explicitly set to zero, which prevents the corruption in this scenario. (BZ#866548) * Previously, the error cleanup logic was incorrect: once an error was detected, the same error was reported on every polling cycle (the default behavior is to poll every second). This caused an excessive amount of Error Detection And Correction (EDAC) messages to be logged in the /var/log/messages file. This update fixes the error cleanup logic, which prevents the unnecessary messages from being logged. (BZ#866796) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2012-1481.html Risk factor : Low
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2313 53965 http://www.securityfocus.com/bid/53965 HPSBGN02970 http://marc.info/?l=bugtraq&m=139447903326211&w=2 RHSA-2012:1174 http://rhn.redhat.com/errata/RHSA-2012-1174.html RHSA-2012:1481 http://rhn.redhat.com/errata/RHSA-2012-1481.html RHSA-2012:1541 http://rhn.redhat.com/errata/RHSA-2012-1541.html RHSA-2012:1589 http://rhn.redhat.com/errata/RHSA-2012-1589.html SUSE-SU-2015:0812 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html [oss-security] 20120504 Re: CVE Request: more tight ioctl permissions in dl2k driver http://www.openwall.com/lists/oss-security/2012/05/04/8 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1bb57e940e1958e40d51f2078f50c3a96a9b2d75 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.7 https://bugzilla.redhat.com/show_bug.cgi?id=818820 https://github.com/torvalds/linux/commit/1bb57e940e1958e40d51f2078f50c3a96a9b2d75
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com