Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2012-0153)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.123975

Category: Oracle Linux Local Security Checks

Title: Oracle: Security Advisory (ELSA-2012-0153)

Summary: The remote host is missing an update for the 'sos' package(s) announced via the ELSA-2012-0153 advisory.

Description: Summary:
The remote host is missing an update for the 'sos' package(s) announced via the ELSA-2012-0153 advisory.

Vulnerability Insight:
[1.7-9.62.0.1.el5]
- add patch to remove all sysrq echo commands from sysreport.legacy
(John Sobecki) [orabug 11061754]
- comment out rh-upload-core and README.rh-upload-core in specfile

[1.7-9.62]
- Always log plugin exceptions that are not raised to the interpreter
Resolves: bz717480
- Ensure relative symlink targets are correctly handled when copying
Resolves: bz717962
- Correctly handle libxml2 parser exceptions when reading cluster.conf
Resolves: bz750573
- Update Red Hat Certificate System plugin for current versions
Resolves: bz627416

[1.7-9.61]
- Make single threaded operation default and add --multithread to override
Resolves: bz708346
- Support multiple possible locations of VRTSexplorer script
Resolves: bz565996
- Collect wallaby dump and inventory information in mrggrid plugin
Resolves: bz641020

[1.7-9.60]
- Add ethtool pause, coalesce and ring (-a, -c, -g) options to network plugin
Resolves: bz726421
- Update MRG grid plugin to collect additional logs and configuration
Resolves: bz641020

[1.7-9.59]
- Fix collection of symlink destinations when copying directory trees
Resolves: bz717962
- Allow plugins to specify non-root symlinks for collected command output
Resolves: bz716987
- Ensure custom rsyslog destinations are captured and log size limits applied
Resolves: bz717167

[1.7-9.58]
- Add basic plugin for Veritas products
Resolves: bz565996
- Do not collect subscription manager keys in general plugin
Resolves: bz750606
- Fix gfs2 plugin use of callExtProg API
Resolves: bz667783

[1.7-9.57]
- Fix exceptions and file naming in gfs2 plugin
Resolves: bz667783

[1.7-9.56]
- Fix translation for fr locale
Resolves: bz641020

[1.7-9.55]
- Add basic Infiniband plugin
Resolves: bz673246
- Add plugin for scsi-target-utils iSCSI target
Resolves: bz677123
- Fix handling of TMP environment variable
Resolves: bz733133
- Correctly determine kernel version in cluster plugin
Resolves: bz742567
- Add libvirt plugin
Resolves: bz568635
- Add gfs2 plugin to supplement cluster data collection
Resolves: bz667783

Affected Software/OS:
'sos' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-4083
RHSA-2011:1536
http://rhn.redhat.com/errata/RHSA-2011-1536.html
RHSA-2012:0153
http://rhn.redhat.com/errata/RHSA-2012-0153.html

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.123975
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2012-0153)
Summary:	The remote host is missing an update for the 'sos' package(s) announced via the ELSA-2012-0153 advisory.
Description:	Summary: The remote host is missing an update for the 'sos' package(s) announced via the ELSA-2012-0153 advisory. Vulnerability Insight: [1.7-9.62.0.1.el5] - add patch to remove all sysrq echo commands from sysreport.legacy (John Sobecki) [orabug 11061754] - comment out rh-upload-core and README.rh-upload-core in specfile [1.7-9.62] - Always log plugin exceptions that are not raised to the interpreter Resolves: bz717480 - Ensure relative symlink targets are correctly handled when copying Resolves: bz717962 - Correctly handle libxml2 parser exceptions when reading cluster.conf Resolves: bz750573 - Update Red Hat Certificate System plugin for current versions Resolves: bz627416 [1.7-9.61] - Make single threaded operation default and add --multithread to override Resolves: bz708346 - Support multiple possible locations of VRTSexplorer script Resolves: bz565996 - Collect wallaby dump and inventory information in mrggrid plugin Resolves: bz641020 [1.7-9.60] - Add ethtool pause, coalesce and ring (-a, -c, -g) options to network plugin Resolves: bz726421 - Update MRG grid plugin to collect additional logs and configuration Resolves: bz641020 [1.7-9.59] - Fix collection of symlink destinations when copying directory trees Resolves: bz717962 - Allow plugins to specify non-root symlinks for collected command output Resolves: bz716987 - Ensure custom rsyslog destinations are captured and log size limits applied Resolves: bz717167 [1.7-9.58] - Add basic plugin for Veritas products Resolves: bz565996 - Do not collect subscription manager keys in general plugin Resolves: bz750606 - Fix gfs2 plugin use of callExtProg API Resolves: bz667783 [1.7-9.57] - Fix exceptions and file naming in gfs2 plugin Resolves: bz667783 [1.7-9.56] - Fix translation for fr locale Resolves: bz641020 [1.7-9.55] - Add basic Infiniband plugin Resolves: bz673246 - Add plugin for scsi-target-utils iSCSI target Resolves: bz677123 - Fix handling of TMP environment variable Resolves: bz733133 - Correctly determine kernel version in cluster plugin Resolves: bz742567 - Add libvirt plugin Resolves: bz568635 - Add gfs2 plugin to supplement cluster data collection Resolves: bz667783 Affected Software/OS: 'sos' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4083 RHSA-2011:1536 http://rhn.redhat.com/errata/RHSA-2011-1536.html RHSA-2012:0153 http://rhn.redhat.com/errata/RHSA-2012-0153.html
Copyright	Copyright (C) 2015 Greenbone AG