Red Hat Local Security Checks : RedHat Update for systemd RHSA-2016:2610-01

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.871703

Categoría: Red Hat Local Security Checks

Título: RedHat Update for systemd RHSA-2016:2610-01

Resumen: The remote host is missing an update for the 'systemd'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'systemd'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The systemd packages contain systemd,
a system and service manager for Linux, compatible with the SysV and LSB
init scripts. It provides aggressive parallelism capabilities, uses socket
and D-Bus activation for starting services, offers on-demand starting of daemons,
and keeps track of processes using Linux cgroups. In addition, it supports
snapshotting and restoring of the system state, maintains mount and automount
points, and implements an elaborate transactional dependency-based service control
logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* A flaw was found in the way systemd handled empty notification messages.
A local attacker could use this flaw to make systemd freeze its execution,
preventing further management of system services, system shutdown, or
zombie process collection via systemd. (CVE-2016-7795)

Bug Fix(es):

* Previously, the udev device manager automatically enabled all memory
banks on IBM z System installations. As a consequence, hot plug memory was
enabled automatically, which was incorrect. With this update, system
architecture checks have been added to the udev rules to address the
problem. As a result, hot plug memory is no longer automatically enabled.
(BZ#1381123)

Affected Software/OS:
systemd on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-7795
BugTraq ID: 93223
http://www.securityfocus.com/bid/93223
https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
http://www.openwall.com/lists/oss-security/2016/09/28/9
http://www.openwall.com/lists/oss-security/2016/09/30/1
RedHat Security Advisories: RHSA-2016:2610
http://rhn.redhat.com/errata/RHSA-2016-2610.html
RedHat Security Advisories: RHSA-2016:2694
http://rhn.redhat.com/errata/RHSA-2016-2694.html
http://www.securitytracker.com/id/1037320
http://www.ubuntu.com/usn/USN-3094-1

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.871703
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for systemd RHSA-2016:2610-01
Resumen:	The remote host is missing an update for the 'systemd'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'systemd' package(s) announced via the referenced advisory. Vulnerability Insight: The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd. (CVE-2016-7795) Bug Fix(es): * Previously, the udev device manager automatically enabled all memory banks on IBM z System installations. As a consequence, hot plug memory was enabled automatically, which was incorrect. With this update, system architecture checks have been added to the udev rules to address the problem. As a result, hot plug memory is no longer automatically enabled. (BZ#1381123) Affected Software/OS: systemd on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7795 BugTraq ID: 93223 http://www.securityfocus.com/bid/93223 https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet http://www.openwall.com/lists/oss-security/2016/09/28/9 http://www.openwall.com/lists/oss-security/2016/09/30/1 RedHat Security Advisories: RHSA-2016:2610 http://rhn.redhat.com/errata/RHSA-2016-2610.html RedHat Security Advisories: RHSA-2016:2694 http://rhn.redhat.com/errata/RHSA-2016-2694.html http://www.securitytracker.com/id/1037320 http://www.ubuntu.com/usn/USN-3094-1
Copyright	Copyright (C) 2016 Greenbone Networks GmbH