Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2010-0792)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.122303

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2010-0792)

Zusammenfassung: The remote host is missing an update for the 'kernel, ocfs2-2.6.18-194.17.4.0.1.el5, oracleasm-2.6.18-194.17.4.0.1.el5' package(s) announced via the ELSA-2010-0792 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'kernel, ocfs2-2.6.18-194.17.4.0.1.el5, oracleasm-2.6.18-194.17.4.0.1.el5' package(s) announced via the ELSA-2010-0792 advisory.

Vulnerability Insight:
[2.6.18-194.17.4.0.1.el5]
- [xen] check to see if hypervisor supports memory reservation change
(Chuck Anderson) [orabug 7556514]
- Add entropy support to igb (John Sobecki) [orabug 7607479]
- [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332]
- [NET] Add xen pv/bonding netconsole support (Tina Yang) [orabug 6993043]
[bz 7258]
- [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839]
- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]
- [nfsd] fix failure of file creation from hpux client (Wen gang Wang)
[orabug 7579314]
- [qla] fix qla not to query hccr (Guru Anbalagane) [Orabug 8746702]
- [net] bonding: fix xen+bonding+netconsole panic issue (Joe Jin)
[orabug 9504524]
- [rds] Patch rds to 1.4.2-14 (Andy Grover) [orabug 9471572, 9344105]
RDS: Fix BUG_ONs to not fire when in a tasklet
ipoib: Fix lockup of the tx queue
RDS: Do not call set_page_dirty() with irqs off (Sherman Pun)
RDS: Properly unmap when getting a remote access error (Tina Yang)
RDS: Fix locking in rds_send_drop_to()
- [mm] Enhance shrink_zone patch allow full swap utilization, and also be
NUMA-aware (John Sobecki, Chris Mason, Herbert van den Bergh)
[orabug 9245919]
- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)
[orabug 9107465]
- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)
[orabug 9764220]
- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]
- fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro,
Guru Anbalagane) [orabug 6124033]
- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]
- [ib] fix memory corruption (Andy Grover) [orabug 9972346]

[2.6.18-194.17.4.el5]
- [net] rds: fix local privilege escalation (Eugene Teo) [642897 642898] {CVE-2010-3904}

Affected Software/OS:
'kernel, ocfs2-2.6.18-194.17.4.0.1.el5, oracleasm-2.6.18-194.17.4.0.1.el5' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-3904
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/520102/100/0/threaded
CERT/CC vulnerability note: VU#362983
http://www.kb.cert.org/vuls/id/362983
https://www.exploit-db.com/exploits/44677/
http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html
http://www.vsecurity.com/download/tools/linux-rds-exploit.c
http://www.vsecurity.com/resources/advisory/20101019-1/
http://www.redhat.com/support/errata/RHSA-2010-0792.html
http://www.redhat.com/support/errata/RHSA-2010-0842.html
http://securitytracker.com/id?1024613
http://secunia.com/advisories/46397
SuSE Security Announcement: SUSE-SA:2010:053 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html
SuSE Security Announcement: SUSE-SA:2010:057 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html
SuSE Security Announcement: SUSE-SA:2011:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://www.ubuntu.com/usn/USN-1000-1
http://www.vupen.com/english/advisories/2011/0298

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.122303
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2010-0792)
Zusammenfassung:	The remote host is missing an update for the 'kernel, ocfs2-2.6.18-194.17.4.0.1.el5, oracleasm-2.6.18-194.17.4.0.1.el5' package(s) announced via the ELSA-2010-0792 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel, ocfs2-2.6.18-194.17.4.0.1.el5, oracleasm-2.6.18-194.17.4.0.1.el5' package(s) announced via the ELSA-2010-0792 advisory. Vulnerability Insight: [2.6.18-194.17.4.0.1.el5] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - Add entropy support to igb (John Sobecki) [orabug 7607479] - [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332] - [NET] Add xen pv/bonding netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [nfsd] fix failure of file creation from hpux client (Wen gang Wang) [orabug 7579314] - [qla] fix qla not to query hccr (Guru Anbalagane) [Orabug 8746702] - [net] bonding: fix xen+bonding+netconsole panic issue (Joe Jin) [orabug 9504524] - [rds] Patch rds to 1.4.2-14 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki, Chris Mason, Herbert van den Bergh) [orabug 9245919] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] [2.6.18-194.17.4.el5] - [net] rds: fix local privilege escalation (Eugene Teo) [642897 642898] {CVE-2010-3904} Affected Software/OS: 'kernel, ocfs2-2.6.18-194.17.4.0.1.el5, oracleasm-2.6.18-194.17.4.0.1.el5' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3904 Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search) http://www.securityfocus.com/archive/1/520102/100/0/threaded CERT/CC vulnerability note: VU#362983 http://www.kb.cert.org/vuls/id/362983 https://www.exploit-db.com/exploits/44677/ http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html http://www.vsecurity.com/download/tools/linux-rds-exploit.c http://www.vsecurity.com/resources/advisory/20101019-1/ http://www.redhat.com/support/errata/RHSA-2010-0792.html http://www.redhat.com/support/errata/RHSA-2010-0842.html http://securitytracker.com/id?1024613 http://secunia.com/advisories/46397 SuSE Security Announcement: SUSE-SA:2010:053 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html SuSE Security Announcement: SUSE-SA:2010:057 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html SuSE Security Announcement: SUSE-SA:2011:007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://www.ubuntu.com/usn/USN-1000-1 http://www.vupen.com/english/advisories/2011/0298
Copyright	Copyright (C) 2015 Greenbone AG