Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2014-1801)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.123258

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2014-1801)

Zusammenfassung: The remote host is missing an update for the 'shim, shim-signed' package(s) announced via the ELSA-2014-1801 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'shim, shim-signed' package(s) announced via the ELSA-2014-1801 advisory.

Vulnerability Insight:
shim
[0.7-8.0.1]
- update Oracle Linux certificates (Alexey Petrenko)
- replace securebootca.cer (Alexey Petrenko)

[0.7-8]
- out-of-bounds memory read flaw in DHCPv6 packet processing
Resolves: CVE-2014-3675
- heap-based buffer overflow flaw in IPv6 address parsing
Resolves: CVE-2014-3676
- memory corruption flaw when processing Machine Owner Keys (MOKs)
Resolves: CVE-2014-3677

[0.7-7]
- Use the right key for ARM Aarch64.

[0.7-6]
- Preliminary build for ARM Aarch64.

shim-signed
[0.7-8.0.1]
- Oracle Linux certificates (Alexey Petrenko)

[0.7-8]
- out-of-bounds memory read flaw in DHCPv6 packet processing
Resolves: CVE-2014-3675
- heap-based buffer overflow flaw in IPv6 address parsing
Resolves: CVE-2014-3676
- memory corruption flaw when processing Machine Owner Keys (MOKs)
Resolves: CVE-2014-3677

[0.7-5.2]
- Get the right signatures on shim-redhat.efi
Related: rhbz#1064449

[0.7-5.1]
- Update for signed shim for RHEL 7
Resolves: rhbz#1064449

Affected Software/OS:
'shim, shim-signed' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-3675
BugTraq ID: 70407
http://www.securityfocus.com/bid/70407
http://www.openwall.com/lists/oss-security/2014/10/13/4
RedHat Security Advisories: RHSA-2014:1801
http://rhn.redhat.com/errata/RHSA-2014-1801.html
XForce ISS Database: shim-cve20143675-dos(96981)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96981
Common Vulnerability Exposure (CVE) ID: CVE-2014-3676
BugTraq ID: 70409
http://www.securityfocus.com/bid/70409
XForce ISS Database: shim-cve20143676-bo(96988)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96988
Common Vulnerability Exposure (CVE) ID: CVE-2014-3677
BugTraq ID: 70410
http://www.securityfocus.com/bid/70410
XForce ISS Database: shim-cve20143677-code-exec(96989)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96989

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.123258
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2014-1801)
Zusammenfassung:	The remote host is missing an update for the 'shim, shim-signed' package(s) announced via the ELSA-2014-1801 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'shim, shim-signed' package(s) announced via the ELSA-2014-1801 advisory. Vulnerability Insight: shim [0.7-8.0.1] - update Oracle Linux certificates (Alexey Petrenko) - replace securebootca.cer (Alexey Petrenko) [0.7-8] - out-of-bounds memory read flaw in DHCPv6 packet processing Resolves: CVE-2014-3675 - heap-based buffer overflow flaw in IPv6 address parsing Resolves: CVE-2014-3676 - memory corruption flaw when processing Machine Owner Keys (MOKs) Resolves: CVE-2014-3677 [0.7-7] - Use the right key for ARM Aarch64. [0.7-6] - Preliminary build for ARM Aarch64. shim-signed [0.7-8.0.1] - Oracle Linux certificates (Alexey Petrenko) [0.7-8] - out-of-bounds memory read flaw in DHCPv6 packet processing Resolves: CVE-2014-3675 - heap-based buffer overflow flaw in IPv6 address parsing Resolves: CVE-2014-3676 - memory corruption flaw when processing Machine Owner Keys (MOKs) Resolves: CVE-2014-3677 [0.7-5.2] - Get the right signatures on shim-redhat.efi Related: rhbz#1064449 [0.7-5.1] - Update for signed shim for RHEL 7 Resolves: rhbz#1064449 Affected Software/OS: 'shim, shim-signed' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3675 BugTraq ID: 70407 http://www.securityfocus.com/bid/70407 http://www.openwall.com/lists/oss-security/2014/10/13/4 RedHat Security Advisories: RHSA-2014:1801 http://rhn.redhat.com/errata/RHSA-2014-1801.html XForce ISS Database: shim-cve20143675-dos(96981) https://exchange.xforce.ibmcloud.com/vulnerabilities/96981 Common Vulnerability Exposure (CVE) ID: CVE-2014-3676 BugTraq ID: 70409 http://www.securityfocus.com/bid/70409 XForce ISS Database: shim-cve20143676-bo(96988) https://exchange.xforce.ibmcloud.com/vulnerabilities/96988 Common Vulnerability Exposure (CVE) ID: CVE-2014-3677 BugTraq ID: 70410 http://www.securityfocus.com/bid/70410 XForce ISS Database: shim-cve20143677-code-exec(96989) https://exchange.xforce.ibmcloud.com/vulnerabilities/96989
Copyright	Copyright (C) 2015 Greenbone AG