Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2011-0953)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.122133

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2011-0953)

Zusammenfassung: The remote host is missing an update for the 'system-config-firewall, system-config-printer' package(s) announced via the ELSA-2011-0953 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'system-config-firewall, system-config-printer' package(s) announced via the ELSA-2011-0953 advisory.

Vulnerability Insight:
system-config-firewall:

[1.2.27-3.3]
- fixed possible privilege escalation flaw via use of python pickle
(CVE-2011-2520), replaced pickle by json (rhbz#717985)
- stop D-BUS firewall mechanism on update

system-config-printer:

[1.1.16-17:.2]
- Build pycups with -fno-strict-aliasing compiler option to avoid
compiler warnings.

[1.1.16-17:.1]
- Adapted to system-config-firewall API change (bug #717985, CVE-2011-2520).

Affected Software/OS:
'system-config-firewall, system-config-printer' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.0

CVSS Vector:
AV:L/AC:H/Au:S/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-2520
1025793
http://securitytracker.com/id?1025793
45294
http://secunia.com/advisories/45294
48715
http://www.securityfocus.com/bid/48715
FEDORA-2011-9652
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063314.html
RHSA-2011:0953
http://www.redhat.com/support/errata/RHSA-2011-0953.html
[oss-security] 20110718 CVE-2011-2520: flaw in system-config-firewall's usage of pickle allows privilege escalation
http://www.openwall.com/lists/oss-security/2011/07/18/6
https://bugzilla.redhat.com/show_bug.cgi?id=717985
systemconfigfirewall-priv-escalation(68734)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68734

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.122133
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2011-0953)
Zusammenfassung:	The remote host is missing an update for the 'system-config-firewall, system-config-printer' package(s) announced via the ELSA-2011-0953 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'system-config-firewall, system-config-printer' package(s) announced via the ELSA-2011-0953 advisory. Vulnerability Insight: system-config-firewall: [1.2.27-3.3] - fixed possible privilege escalation flaw via use of python pickle (CVE-2011-2520), replaced pickle by json (rhbz#717985) - stop D-BUS firewall mechanism on update system-config-printer: [1.1.16-17:.2] - Build pycups with -fno-strict-aliasing compiler option to avoid compiler warnings. [1.1.16-17:.1] - Adapted to system-config-firewall API change (bug #717985, CVE-2011-2520). Affected Software/OS: 'system-config-firewall, system-config-printer' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 6.0 CVSS Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2520 1025793 http://securitytracker.com/id?1025793 45294 http://secunia.com/advisories/45294 48715 http://www.securityfocus.com/bid/48715 FEDORA-2011-9652 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063314.html RHSA-2011:0953 http://www.redhat.com/support/errata/RHSA-2011-0953.html [oss-security] 20110718 CVE-2011-2520: flaw in system-config-firewall's usage of pickle allows privilege escalation http://www.openwall.com/lists/oss-security/2011/07/18/6 https://bugzilla.redhat.com/show_bug.cgi?id=717985 systemconfigfirewall-priv-escalation(68734) https://exchange.xforce.ibmcloud.com/vulnerabilities/68734
Copyright	Copyright (C) 2015 Greenbone AG