Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2008-0061)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.122587

Category: Oracle Linux Local Security Checks

Title: Oracle: Security Advisory (ELSA-2008-0061)

Summary: The remote host is missing an update for the 'setroubleshoot, setroubleshoot-plugins' package(s) announced via the ELSA-2008-0061 advisory.

Description: Summary:
The remote host is missing an update for the 'setroubleshoot, setroubleshoot-plugins' package(s) announced via the ELSA-2008-0061 advisory.

Vulnerability Insight:
setroubleshoot:
[2.0.5-3.0.1.el5]
- replace missed references to bugzilla.redhat.com with linux.oracle.com

[2.0.5-3]
- Resolve: bug #436564: socket.getsockopt() on ppc generates exception
Fix typo in original setroubleshoot-get_credentials.patch

[2.0.5-2]
- Resolve: bug #437857: python error in system shutdown
- Resolve: bug #436564: socket.getsockopt() on ppc generates exception

[2.0.5-1]
- Resolve: bug #431768: parser error in xmlParseDoc()

[2.0.3-3]
- Resolve: bug #429179: notification-daemon crashes when a notification is removed from the display

[2.0.3-2]
- remove libuser-python dependency
- Related: bug #224351

[2.0.2-1]
- Resolve bug #428252: Problem with update/remove old version
- Add code to validate xml database version, if file is incompatible it is not read,
the next time the database is written it will be in the new version format.
This means the database contents are not preserved across database version upgrades.
- Remove postun trigger from spec file used to clear database between incompatible versions
the new database version check during database read will handle this instead
- bullet proof exit status in init script and rpm scriptlets
- Resolve bug #247302: setroubleshoots autostart .desktop file fails to start under a KDE session
- Resolve bug #376041: Cannot check setroubleshoot service status as non-root
- Resolve bug #332281: remove obsolete translation
- Resolve bug #344331: No description in gnome-session-properties
- Resolve bug #358581: missing libuser-python dependency
- Resolve bug #426586: Renaming translation po file from sr@Latn to sr@latin
- Resolve bug #427260: German Translation
- enhance the sealert man page

[2.0.1-1]
- make connection error message persist instead of timeout in browser
- updated Brazilian Portuguese translation: Igor Pires Soares - implement uid,username checks - rpc methods now check for authenticated state - fix html handling of summary string - add 'named' messages to status bar, make sure all messages either timeout or are named - fix ordering of menus, resolves bug #427418 - add 'hide quiet' to browser view filtering, resolves bug #427421 - tweak siginfo text formatting[2.0.0-1]- prepare for v2 test release - Completed most work for version 2 of setroubleshoot, prepare for test release - import Dans changes from the mainline primarily allow_postfix_local_write_mail_spool plugin - escape html, fix siginfo.format_html(), siginfo.format_text() - add async-error signal - change identity to just username - make sure set_filter user validation works and reports error in browser - fix generation of line numbers and host when connected to audispd - add permissive notification, resolves bug #231334: Wording doesn't change for permissive mode - resolves bug #244345: avc path information incomplete - get the uid,gid when a client connects to the server - set_filter now verifies the filter is owned ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'setroubleshoot, setroubleshoot-plugins' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
4.4

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5495
1020077
http://securitytracker.com/id?1020077
29320
http://www.securityfocus.com/bid/29320
30339
http://secunia.com/advisories/30339
RHSA-2008:0061
http://www.redhat.com/support/errata/RHSA-2008-0061.html
https://bugzilla.redhat.com/show_bug.cgi?id=288221
oval:org.mitre.oval:def:9705
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9705
setroubleshoot-sealert-symlink(42591)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42591
Common Vulnerability Exposure (CVE) ID: CVE-2007-5496
1020078
http://securitytracker.com/id?1020078
29324
http://www.securityfocus.com/bid/29324
https://bugzilla.redhat.com/show_bug.cgi?id=288271
oval:org.mitre.oval:def:10455
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10455
setroubleshoot-sealert-avc-xss(42592)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42592

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.122587
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2008-0061)
Summary:	The remote host is missing an update for the 'setroubleshoot, setroubleshoot-plugins' package(s) announced via the ELSA-2008-0061 advisory.
Description:	Summary: The remote host is missing an update for the 'setroubleshoot, setroubleshoot-plugins' package(s) announced via the ELSA-2008-0061 advisory. Vulnerability Insight: setroubleshoot: [2.0.5-3.0.1.el5] - replace missed references to bugzilla.redhat.com with linux.oracle.com [2.0.5-3] - Resolve: bug #436564: socket.getsockopt() on ppc generates exception Fix typo in original setroubleshoot-get_credentials.patch [2.0.5-2] - Resolve: bug #437857: python error in system shutdown - Resolve: bug #436564: socket.getsockopt() on ppc generates exception [2.0.5-1] - Resolve: bug #431768: parser error in xmlParseDoc() [2.0.3-3] - Resolve: bug #429179: notification-daemon crashes when a notification is removed from the display [2.0.3-2] - remove libuser-python dependency - Related: bug #224351 [2.0.2-1] - Resolve bug #428252: Problem with update/remove old version - Add code to validate xml database version, if file is incompatible it is not read, the next time the database is written it will be in the new version format. This means the database contents are not preserved across database version upgrades. - Remove postun trigger from spec file used to clear database between incompatible versions the new database version check during database read will handle this instead - bullet proof exit status in init script and rpm scriptlets - Resolve bug #247302: setroubleshoots autostart .desktop file fails to start under a KDE session - Resolve bug #376041: Cannot check setroubleshoot service status as non-root - Resolve bug #332281: remove obsolete translation - Resolve bug #344331: No description in gnome-session-properties - Resolve bug #358581: missing libuser-python dependency - Resolve bug #426586: Renaming translation po file from sr@Latn to sr@latin - Resolve bug #427260: German Translation - enhance the sealert man page [2.0.1-1] - make connection error message persist instead of timeout in browser - updated Brazilian Portuguese translation: Igor Pires Soares - implement uid,username checks - rpc methods now check for authenticated state - fix html handling of summary string - add 'named' messages to status bar, make sure all messages either timeout or are named - fix ordering of menus, resolves bug #427418 - add 'hide quiet' to browser view filtering, resolves bug #427421 - tweak siginfo text formatting[2.0.0-1]- prepare for v2 test release - Completed most work for version 2 of setroubleshoot, prepare for test release - import Dans changes from the mainline primarily allow_postfix_local_write_mail_spool plugin - escape html, fix siginfo.format_html(), siginfo.format_text() - add async-error signal - change identity to just username - make sure set_filter user validation works and reports error in browser - fix generation of line numbers and host when connected to audispd - add permissive notification, resolves bug #231334: Wording doesn't change for permissive mode - resolves bug #244345: avc path information incomplete - get the uid,gid when a client connects to the server - set_filter now verifies the filter is owned ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'setroubleshoot, setroubleshoot-plugins' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5495 1020077 http://securitytracker.com/id?1020077 29320 http://www.securityfocus.com/bid/29320 30339 http://secunia.com/advisories/30339 RHSA-2008:0061 http://www.redhat.com/support/errata/RHSA-2008-0061.html https://bugzilla.redhat.com/show_bug.cgi?id=288221 oval:org.mitre.oval:def:9705 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9705 setroubleshoot-sealert-symlink(42591) https://exchange.xforce.ibmcloud.com/vulnerabilities/42591 Common Vulnerability Exposure (CVE) ID: CVE-2007-5496 1020078 http://securitytracker.com/id?1020078 29324 http://www.securityfocus.com/bid/29324 https://bugzilla.redhat.com/show_bug.cgi?id=288271 oval:org.mitre.oval:def:10455 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10455 setroubleshoot-sealert-avc-xss(42592) https://exchange.xforce.ibmcloud.com/vulnerabilities/42592
Copyright	Copyright (C) 2015 Greenbone AG