Test ID:	1.3.6.1.4.1.25623.1.0.122323
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2010-0679)
Summary:	The remote host is missing an update for the 'rpm' package(s) announced via the ELSA-2010-0679 advisory.
Description:	Summary: The remote host is missing an update for the 'rpm' package(s) announced via the ELSA-2010-0679 advisory. Vulnerability Insight: [4.4.2.3-20.el5_5.1] - make the sbits removal behavior consistent with all the RHELs - add proper suffix for Z branch [4.4.2.3-19] - fix CVE-2010-2059, fails to drop SUID/SGID bits on package upgrade (#626707) - fix SELinux memory leak (#627630), patch from Florian Festi Affected Software/OS: 'rpm' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2059 20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. http://www.securityfocus.com/archive/1/516909/100/0/threaded 40028 http://secunia.com/advisories/40028 65143 http://www.osvdb.org/65143 ADV-2011-0606 http://www.vupen.com/english/advisories/2011/0606 MDVSA-2010:180 http://www.mandriva.com/security/advisories?name=MDVSA-2010:180 RHSA-2010:0679 http://www.redhat.com/support/errata/RHSA-2010-0679.html SUSE-SR:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html SUSE-SR:2010:017 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html [oss-security] 20100602 CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) http://www.openwall.com/lists/oss-security/2010/06/02/2 [oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) http://www.openwall.com/lists/oss-security/2010/06/02/3 [oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) http://marc.info/?l=oss-security&m=127559059928131&w=2 http://www.openwall.com/lists/oss-security/2010/06/03/5 [oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) http://www.openwall.com/lists/oss-security/2010/06/04/1 [security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm http://lists.vmware.com/pipermail/security-announce/2011/000126.html http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383 http://www.vmware.com/security/advisories/VMSA-2011-0004.html https://bugzilla.redhat.com/show_bug.cgi?id=125517 https://bugzilla.redhat.com/show_bug.cgi?id=598775
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.