Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-2401)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.122752

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2015-2401)

Zusammenfassung: The remote host is missing an update for the 'grub2' package(s) announced via the ELSA-2015-2401 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'grub2' package(s) announced via the ELSA-2015-2401 advisory.

Vulnerability Insight:
[2.02-0.29.0.1]
- Fix comparison in patch for 18504756
- Remove symlink to grub environment file during uninstall on EFI platforms
[bug 19231481]
- update Oracle Linux certificates (Alexey Petrenko)
- Put 'with' in menuentry instead of 'using' [bug 18504756]
- Use different titles for UEK and RHCK kernels [bug 18504756]

[2.02-0.29]
- Fix DHCP6 timeouts due to failed network stack once more.
Resolves: rhbz#1267139

[2.02-0.28]
- Once again, rebuild for the right build target.
Resolves: CVE-2015-5281

[2.02-0.27]
- Remove multiboot and multiboot2 modules from the .efi builds, they
should never have been there.
Resolves: CVE-2015-5281

[2.02-0.26]
- Be more aggressive about trying to make sure we use the configured SNP
device in UEFI.
Resolves: rhbz#1257475

[2.02-0.25]
- Force file sync to disk on ppc64le machines.
Resolves: rhbz#1212114

[2.02-0.24]
- Undo 0.23 and fix it a different way.
Resolves: rhbz#1124074

[2.02-0.23]
- Reverse kernel sort order so they're displayed correctly.
Resolves: rhbz#1124074

[2.02-0.22]
- Make upgrades work reasonably well with grub2-setpassword.
Related: rhbz#985962

[2.02-0.21]
- Add a simpler grub2 password config tool
Related: rhbz#985962
- Some more coverity nits.

[2.02-0.20]
- Deal with some coverity nits.
Related: rhbz#1215839
Related: rhbz#1124074

[2.02-0.19]
- Rebuild for Aarch64
- Deal with some coverity nits.
Related: rhbz#1215839
Related: rhbz#1124074

[2.02-0.18]
- Update for an rpmdiff problem with one of the man pages.
Related: rhbz#1124074

Affected Software/OS:
'grub2' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
2.6

CVSS Vector:
AV:L/AC:H/Au:N/C:P/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-5281
1034198
http://www.securitytracker.com/id/1034198
77983
http://www.securityfocus.com/bid/77983
FEDORA-2015-2c155d7632
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172942.html
FEDORA-2015-c3b4fef3af
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172611.html
RHSA-2015:2401
http://rhn.redhat.com/errata/RHSA-2015-2401.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1264103

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.122752
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2015-2401)
Zusammenfassung:	The remote host is missing an update for the 'grub2' package(s) announced via the ELSA-2015-2401 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'grub2' package(s) announced via the ELSA-2015-2401 advisory. Vulnerability Insight: [2.02-0.29.0.1] - Fix comparison in patch for 18504756 - Remove symlink to grub environment file during uninstall on EFI platforms [bug 19231481] - update Oracle Linux certificates (Alexey Petrenko) - Put 'with' in menuentry instead of 'using' [bug 18504756] - Use different titles for UEK and RHCK kernels [bug 18504756] [2.02-0.29] - Fix DHCP6 timeouts due to failed network stack once more. Resolves: rhbz#1267139 [2.02-0.28] - Once again, rebuild for the right build target. Resolves: CVE-2015-5281 [2.02-0.27] - Remove multiboot and multiboot2 modules from the .efi builds, they should never have been there. Resolves: CVE-2015-5281 [2.02-0.26] - Be more aggressive about trying to make sure we use the configured SNP device in UEFI. Resolves: rhbz#1257475 [2.02-0.25] - Force file sync to disk on ppc64le machines. Resolves: rhbz#1212114 [2.02-0.24] - Undo 0.23 and fix it a different way. Resolves: rhbz#1124074 [2.02-0.23] - Reverse kernel sort order so they're displayed correctly. Resolves: rhbz#1124074 [2.02-0.22] - Make upgrades work reasonably well with grub2-setpassword. Related: rhbz#985962 [2.02-0.21] - Add a simpler grub2 password config tool Related: rhbz#985962 - Some more coverity nits. [2.02-0.20] - Deal with some coverity nits. Related: rhbz#1215839 Related: rhbz#1124074 [2.02-0.19] - Rebuild for Aarch64 - Deal with some coverity nits. Related: rhbz#1215839 Related: rhbz#1124074 [2.02-0.18] - Update for an rpmdiff problem with one of the man pages. Related: rhbz#1124074 Affected Software/OS: 'grub2' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 2.6 CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5281 1034198 http://www.securitytracker.com/id/1034198 77983 http://www.securityfocus.com/bid/77983 FEDORA-2015-2c155d7632 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172942.html FEDORA-2015-c3b4fef3af http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172611.html RHSA-2015:2401 http://rhn.redhat.com/errata/RHSA-2015-2401.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1264103
Copyright	Copyright (C) 2015 Greenbone AG