Test Kennung:	1.3.6.1.4.1.25623.1.0.123306
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2014-1245)
Zusammenfassung:	The remote host is missing an update for the 'krb5' package(s) announced via the ELSA-2014-1245 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'krb5' package(s) announced via the ELSA-2014-1245 advisory. Vulnerability Insight: [1.6.1-78.el5] - gssapi: pull in upstream fix for a possible NULL dereference in spnego (CVE-2014-4344, #1121509) [1.6.1-77.el5] - fix what appears to be a cosmetic error in the patch for self-tests for CVE-2014-4341 [1.6.1-76.el5] - run the backported self-tests, such as they are, for CVE-2014-4341 [1.6.1-75.el5] - pull in backported fix for denial of service by injection of malformed GSSAPI tokens (CVE-2014-4341, #1121509) [1.6.1-74.el5] - add patch based on one from Filip Krska to not call poll() with a negative timeout when the caller's intent is for us to just stop calling it (#1089732) [1.6.1-73.el5] - incorporate backported upstream patch for remote crash of KDCs which serve multiple realms simultaneously (RT#7756, CVE-2013-1418/CVE-2013-6800, [1.6.1-72.el5] - add part-backported fix to avoid possible use-after-free when encrypting delegated creds (Jatin Nansi, #1004632) Affected Software/OS: 'krb5' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1418 BugTraq ID: 63555 http://www.securityfocus.com/bid/63555 https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html SuSE Security Announcement: openSUSE-SU-2013:1738 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-11/msg00082.html SuSE Security Announcement: openSUSE-SU-2013:1751 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-11/msg00086.html SuSE Security Announcement: openSUSE-SU-2013:1833 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00026.html Common Vulnerability Exposure (CVE) ID: CVE-2013-6800 BugTraq ID: 63770 http://www.securityfocus.com/bid/63770 Common Vulnerability Exposure (CVE) ID: CVE-2014-4341 BugTraq ID: 68909 http://www.securityfocus.com/bid/68909 Debian Security Information: DSA-3000 (Google Search) http://www.debian.org/security/2014/dsa-3000 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html http://security.gentoo.org/glsa/glsa-201412-53.xml http://www.mandriva.com/security/advisories?name=MDVSA-2014:165 RedHat Security Advisories: RHSA-2015:0439 http://rhn.redhat.com/errata/RHSA-2015-0439.html http://www.securitytracker.com/id/1030706 http://secunia.com/advisories/59102 http://secunia.com/advisories/60082 http://secunia.com/advisories/60448 XForce ISS Database: mit-kerberos-cve20144341-dos(94904) https://exchange.xforce.ibmcloud.com/vulnerabilities/94904 Common Vulnerability Exposure (CVE) ID: CVE-2014-4344 BugTraq ID: 69160 http://www.securityfocus.com/bid/69160 http://www.osvdb.org/109389 http://secunia.com/advisories/61051 XForce ISS Database: kerberos-cve20144344-dos(95210) https://exchange.xforce.ibmcloud.com/vulnerabilities/95210
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.