| Description: | Summary:
The remote host is missing an update for the 'kernel, ocfs2-2.6.18-8.1.15.0.1.el5, oracleasm-2.6.18-8.1.15.0.1.el5' package(s) announced via the ELSA-2007-0940 advisory.
Vulnerability Insight:
[2.6.18-8.1.15.0.1.el5]
- Fix bonding primary=ethX (Bert Barbe) [IT 101532] [ORA 5136660]
- Add entropy module option to e1000/bnx2 (John Sobecki) [ORA 6045759]
[2.6.18-8.1.15.el5]
- [dlm] A TCP connection to DLM port blocks DLM operations (Patrick
Caulfield ) [245922] {CVE-2007-3380}
- [ppc] 4k page mapping support for userspace in 64k kernels (Scott
Moser ) [275841] {CVE-2007-3850}
- [ptrace] NULL pointer dereference triggered by ptrace (Anton Arapov )
[275981] {CVE-2007-3731}
- [fs] hugetlb: fix prio_tree unit (Konrad Rzeszutek ) [253929]
{CVE-2007-4133}
- [x86_64] Don't leak NT bit into next task (Dave Anderson ) [298151]
{CVE-2007-4574}
- [fs] Reset current->pdeath_signal on SUID binary execution (Peter
Zijlstra ) [252307] {CVE-2007-3848}
- [misc] Bounds check ordering issue in random driver (Anton Arapov )
[275961] {CVE-2007-3105}
- [usb] usblcd: Locally triggerable memory consumption (Anton Arapov )
[276001] {CVE-2007-3513}
- [net] igmp: check for NULL when allocating GFP_ATOMIC skbs (Neil
Horman ) [303281]
- [scsi] aacraid: Missing ioctl() permission checks (Vitaly Mayatskikh )
[298371] {CVE-2007-4308}
- [xen] Guest access to MSR may cause system crash/data corruption
(Bhavana Nagendra ) [253312] {CVE-2007-3733}
Affected Software/OS:
'kernel, ocfs2-2.6.18-8.1.15.0.1.el5, oracleasm-2.6.18-8.1.15.0.1.el5' package(s) on Oracle Linux 5.
Solution:
Please install the updated package(s).
CVSS Score:
5.0
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
