Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2008-0061)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.122587

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2008-0061)

Zusammenfassung: The remote host is missing an update for the 'setroubleshoot, setroubleshoot-plugins' package(s) announced via the ELSA-2008-0061 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'setroubleshoot, setroubleshoot-plugins' package(s) announced via the ELSA-2008-0061 advisory.

Vulnerability Insight:
setroubleshoot:
[2.0.5-3.0.1.el5]
- replace missed references to bugzilla.redhat.com with linux.oracle.com

[2.0.5-3]
- Resolve: bug #436564: socket.getsockopt() on ppc generates exception
Fix typo in original setroubleshoot-get_credentials.patch

[2.0.5-2]
- Resolve: bug #437857: python error in system shutdown
- Resolve: bug #436564: socket.getsockopt() on ppc generates exception

[2.0.5-1]
- Resolve: bug #431768: parser error in xmlParseDoc()

[2.0.3-3]
- Resolve: bug #429179: notification-daemon crashes when a notification is removed from the display

[2.0.3-2]
- remove libuser-python dependency
- Related: bug #224351

[2.0.2-1]
- Resolve bug #428252: Problem with update/remove old version
- Add code to validate xml database version, if file is incompatible it is not read,
the next time the database is written it will be in the new version format.
This means the database contents are not preserved across database version upgrades.
- Remove postun trigger from spec file used to clear database between incompatible versions
the new database version check during database read will handle this instead
- bullet proof exit status in init script and rpm scriptlets
- Resolve bug #247302: setroubleshoots autostart .desktop file fails to start under a KDE session
- Resolve bug #376041: Cannot check setroubleshoot service status as non-root
- Resolve bug #332281: remove obsolete translation
- Resolve bug #344331: No description in gnome-session-properties
- Resolve bug #358581: missing libuser-python dependency
- Resolve bug #426586: Renaming translation po file from sr@Latn to sr@latin
- Resolve bug #427260: German Translation
- enhance the sealert man page

[2.0.1-1]
- make connection error message persist instead of timeout in browser
- updated Brazilian Portuguese translation: Igor Pires Soares - implement uid,username checks - rpc methods now check for authenticated state - fix html handling of summary string - add 'named' messages to status bar, make sure all messages either timeout or are named - fix ordering of menus, resolves bug #427418 - add 'hide quiet' to browser view filtering, resolves bug #427421 - tweak siginfo text formatting[2.0.0-1]- prepare for v2 test release - Completed most work for version 2 of setroubleshoot, prepare for test release - import Dans changes from the mainline primarily allow_postfix_local_write_mail_spool plugin - escape html, fix siginfo.format_html(), siginfo.format_text() - add async-error signal - change identity to just username - make sure set_filter user validation works and reports error in browser - fix generation of line numbers and host when connected to audispd - add permissive notification, resolves bug #231334: Wording doesn't change for permissive mode - resolves bug #244345: avc path information incomplete - get the uid,gid when a client connects to the server - set_filter now verifies the filter is owned ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'setroubleshoot, setroubleshoot-plugins' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
4.4

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2007-5495
1020077
http://securitytracker.com/id?1020077
29320
http://www.securityfocus.com/bid/29320
30339
http://secunia.com/advisories/30339
RHSA-2008:0061
http://www.redhat.com/support/errata/RHSA-2008-0061.html
https://bugzilla.redhat.com/show_bug.cgi?id=288221
oval:org.mitre.oval:def:9705
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9705
setroubleshoot-sealert-symlink(42591)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42591
Common Vulnerability Exposure (CVE) ID: CVE-2007-5496
1020078
http://securitytracker.com/id?1020078
29324
http://www.securityfocus.com/bid/29324
https://bugzilla.redhat.com/show_bug.cgi?id=288271
oval:org.mitre.oval:def:10455
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10455
setroubleshoot-sealert-avc-xss(42592)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42592

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.122587
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2008-0061)
Zusammenfassung:	The remote host is missing an update for the 'setroubleshoot, setroubleshoot-plugins' package(s) announced via the ELSA-2008-0061 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'setroubleshoot, setroubleshoot-plugins' package(s) announced via the ELSA-2008-0061 advisory. Vulnerability Insight: setroubleshoot: [2.0.5-3.0.1.el5] - replace missed references to bugzilla.redhat.com with linux.oracle.com [2.0.5-3] - Resolve: bug #436564: socket.getsockopt() on ppc generates exception Fix typo in original setroubleshoot-get_credentials.patch [2.0.5-2] - Resolve: bug #437857: python error in system shutdown - Resolve: bug #436564: socket.getsockopt() on ppc generates exception [2.0.5-1] - Resolve: bug #431768: parser error in xmlParseDoc() [2.0.3-3] - Resolve: bug #429179: notification-daemon crashes when a notification is removed from the display [2.0.3-2] - remove libuser-python dependency - Related: bug #224351 [2.0.2-1] - Resolve bug #428252: Problem with update/remove old version - Add code to validate xml database version, if file is incompatible it is not read, the next time the database is written it will be in the new version format. This means the database contents are not preserved across database version upgrades. - Remove postun trigger from spec file used to clear database between incompatible versions the new database version check during database read will handle this instead - bullet proof exit status in init script and rpm scriptlets - Resolve bug #247302: setroubleshoots autostart .desktop file fails to start under a KDE session - Resolve bug #376041: Cannot check setroubleshoot service status as non-root - Resolve bug #332281: remove obsolete translation - Resolve bug #344331: No description in gnome-session-properties - Resolve bug #358581: missing libuser-python dependency - Resolve bug #426586: Renaming translation po file from sr@Latn to sr@latin - Resolve bug #427260: German Translation - enhance the sealert man page [2.0.1-1] - make connection error message persist instead of timeout in browser - updated Brazilian Portuguese translation: Igor Pires Soares - implement uid,username checks - rpc methods now check for authenticated state - fix html handling of summary string - add 'named' messages to status bar, make sure all messages either timeout or are named - fix ordering of menus, resolves bug #427418 - add 'hide quiet' to browser view filtering, resolves bug #427421 - tweak siginfo text formatting[2.0.0-1]- prepare for v2 test release - Completed most work for version 2 of setroubleshoot, prepare for test release - import Dans changes from the mainline primarily allow_postfix_local_write_mail_spool plugin - escape html, fix siginfo.format_html(), siginfo.format_text() - add async-error signal - change identity to just username - make sure set_filter user validation works and reports error in browser - fix generation of line numbers and host when connected to audispd - add permissive notification, resolves bug #231334: Wording doesn't change for permissive mode - resolves bug #244345: avc path information incomplete - get the uid,gid when a client connects to the server - set_filter now verifies the filter is owned ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'setroubleshoot, setroubleshoot-plugins' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5495 1020077 http://securitytracker.com/id?1020077 29320 http://www.securityfocus.com/bid/29320 30339 http://secunia.com/advisories/30339 RHSA-2008:0061 http://www.redhat.com/support/errata/RHSA-2008-0061.html https://bugzilla.redhat.com/show_bug.cgi?id=288221 oval:org.mitre.oval:def:9705 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9705 setroubleshoot-sealert-symlink(42591) https://exchange.xforce.ibmcloud.com/vulnerabilities/42591 Common Vulnerability Exposure (CVE) ID: CVE-2007-5496 1020078 http://securitytracker.com/id?1020078 29324 http://www.securityfocus.com/bid/29324 https://bugzilla.redhat.com/show_bug.cgi?id=288271 oval:org.mitre.oval:def:10455 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10455 setroubleshoot-sealert-avc-xss(42592) https://exchange.xforce.ibmcloud.com/vulnerabilities/42592
Copyright	Copyright (C) 2015 Greenbone AG