Test Kennung:	1.3.6.1.4.1.25623.1.0.123511
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2013-2585)
Zusammenfassung:	The remote host is missing an update for the 'kernel-uek, mlnx_en-2.6.32-400.33.3.el5uek, mlnx_en-2.6.32-400.33.3.el6uek, ofa-2.6.32-400.33.3.el5uek, ofa-2.6.32-400.33.3.el6uek' package(s) announced via the ELSA-2013-2585 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel-uek, mlnx_en-2.6.32-400.33.3.el5uek, mlnx_en-2.6.32-400.33.3.el6uek, ofa-2.6.32-400.33.3.el5uek, ofa-2.6.32-400.33.3.el6uek' package(s) announced via the ELSA-2013-2585 advisory. Vulnerability Insight: kernel-uek [2.6.32-400.33.3uek] - af_key: fix info leaks in notify messages (Mathias Krause) [Orabug: 17837974] {CVE-2013-2234} - drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (Jonathan Salwan) [Orabug: 17837971] {CVE-2013-2164} - fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check (Kees Cook) [Orabug: 17837966] {CVE-2013-1928} - Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST) (Mathias Krause) [Orabug: 17837959] {CVE-2012-6545} - Bluetooth: RFCOMM - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17838023] {CVE-2012-6545} - llc: Fix missing msg_namelen update in llc_ui_recvmsg() (Mathias Krause) [Orabug: 17837945] {CVE-2013-3231} - HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17837942] {CVE-2013-2892} - HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17837936] {CVE-2013-2889} - HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17837936] - NFSv4: Check for buffer length in __nfs4_get_acl_uncached (Sven Wegener) [Orabug: 17837931] {CVE-2013-4591} - ansi_cprng: Fix off by one error in non-block size request (Neil Horman) [Orabug: 17837999] {CVE-2013-4345} - HID: validate HID report id size (Kees Cook) [Orabug: 17837925] {CVE-2013-2888} - ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17837923] {CVE-2013-0343} Affected Software/OS: 'kernel-uek, mlnx_en-2.6.32-400.33.3.el5uek, mlnx_en-2.6.32-400.33.3.el6uek, ofa-2.6.32-400.33.3.el5uek, ofa-2.6.32-400.33.3.el6uek' package(s) on Oracle Linux 5, Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 6.2 CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-6545 http://www.openwall.com/lists/oss-security/2013/03/05/13 RedHat Security Advisories: RHSA-2013:1645 http://rhn.redhat.com/errata/RHSA-2013-1645.html http://www.ubuntu.com/usn/USN-1805-1 http://www.ubuntu.com/usn/USN-1808-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-0343 RHSA-2013:1449 http://rhn.redhat.com/errata/RHSA-2013-1449.html RHSA-2013:1490 http://rhn.redhat.com/errata/RHSA-2013-1490.html RHSA-2013:1645 USN-1976-1 http://www.ubuntu.com/usn/USN-1976-1 USN-1977-1 http://www.ubuntu.com/usn/USN-1977-1 USN-2019-1 http://www.ubuntu.com/usn/USN-2019-1 USN-2020-1 http://www.ubuntu.com/usn/USN-2020-1 USN-2021-1 http://www.ubuntu.com/usn/USN-2021-1 USN-2022-1 http://www.ubuntu.com/usn/USN-2022-1 USN-2023-1 http://www.ubuntu.com/usn/USN-2023-1 USN-2024-1 http://www.ubuntu.com/usn/USN-2024-1 USN-2038-1 http://www.ubuntu.com/usn/USN-2038-1 USN-2039-1 http://www.ubuntu.com/usn/USN-2039-1 USN-2050-1 http://www.ubuntu.com/usn/USN-2050-1 [oss-security] 20121205 Re: Linux kernel handling of IPv6 temporary addresses http://openwall.com/lists/oss-security/2012/12/05/4 [oss-security] 20130116 Re: Linux kernel handling of IPv6 temporary addresses http://openwall.com/lists/oss-security/2013/01/16/7 [oss-security] 20130121 Re: Linux kernel handling of IPv6 temporary addresses http://openwall.com/lists/oss-security/2013/01/21/11 [oss-security] 20130222 Re: Linux kernel handling of IPv6 temporary addresses http://www.openwall.com/lists/oss-security/2013/02/22/6 https://bugzilla.redhat.com/show_bug.cgi?id=914664 openSUSE-SU-2014:0204 http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2013-1928 SUSE-SU-2013:0856 http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00000.html USN-1829-1 http://www.ubuntu.com/usn/USN-1829-1 [oss-security] 20130405 Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE http://www.openwall.com/lists/oss-security/2013/04/06/2 [oss-security] 20130409 Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE http://www.openwall.com/lists/oss-security/2013/04/09/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=12176503366885edd542389eed3aaf94be163fdb http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.5 https://bugzilla.redhat.com/show_bug.cgi?id=949567 https://github.com/torvalds/linux/commit/12176503366885edd542389eed3aaf94be163fdb openSUSE-SU-2013:0847 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html Common Vulnerability Exposure (CVE) ID: CVE-2013-2164 DSA-2766 http://www.debian.org/security/2013/dsa-2766 RHSA-2013:1166 http://rhn.redhat.com/errata/RHSA-2013-1166.html SUSE-SU-2013:1473 http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html SUSE-SU-2013:1474 http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html USN-1912-1 http://www.ubuntu.com/usn/USN-1912-1 USN-1913-1 http://www.ubuntu.com/usn/USN-1913-1 USN-1941-1 http://www.ubuntu.com/usn/USN-1941-1 USN-1942-1 http://www.ubuntu.com/usn/USN-1942-1 [oss-security] 20130610 Re: CVE Request: Linux Kernel - Leak information in cdrom driver. http://www.openwall.com/lists/oss-security/2013/06/10/9 http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/drivers/cdrom/cdrom.c?id=050e4b8fb7cdd7096c987a9cd556029c622c7fe2 https://bugzilla.redhat.com/show_bug.cgi?id=973100 openSUSE-SU-2013:1971 http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html Common Vulnerability Exposure (CVE) ID: CVE-2013-2234 USN-1938-1 http://www.ubuntu.com/usn/USN-1938-1 USN-1943-1 http://www.ubuntu.com/usn/USN-1943-1 USN-1944-1 http://www.ubuntu.com/usn/USN-1944-1 USN-1945-1 http://www.ubuntu.com/usn/USN-1945-1 USN-1946-1 http://www.ubuntu.com/usn/USN-1946-1 USN-1947-1 http://www.ubuntu.com/usn/USN-1947-1 [oss-security] 20130702 Re: CVE Request: information leak in AF_KEY notify messages http://www.openwall.com/lists/oss-security/2013/07/02/7 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887 https://bugzilla.redhat.com/show_bug.cgi?id=980995 https://github.com/torvalds/linux/commit/a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887 https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2 Common Vulnerability Exposure (CVE) ID: CVE-2013-2888 Debian Security Information: DSA-2766 (Google Search) http://marc.info/?l=linux-input&m=137772180514608&w=1 http://openwall.com/lists/oss-security/2013/08/28/13 RedHat Security Advisories: RHSA-2013:1490 http://www.ubuntu.com/usn/USN-1995-1 http://www.ubuntu.com/usn/USN-1998-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-2889 BugTraq ID: 62042 http://www.securityfocus.com/bid/62042 http://marc.info/?l=linux-input&m=137772182014614&w=1 http://www.ubuntu.com/usn/USN-2015-1 http://www.ubuntu.com/usn/USN-2016-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-2892 BugTraq ID: 62049 http://www.securityfocus.com/bid/62049 http://marc.info/?l=linux-input&m=137772185414625&w=1 Common Vulnerability Exposure (CVE) ID: CVE-2013-3231 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 https://lkml.org/lkml/2013/4/14/107 http://www.openwall.com/lists/oss-security/2013/04/14/3 SuSE Security Announcement: SUSE-SU-2013:1182 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html SuSE Security Announcement: openSUSE-SU-2013:1187 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html SuSE Security Announcement: openSUSE-SU-2013:1971 (Google Search) http://www.ubuntu.com/usn/USN-1837-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-4345 62740 http://www.securityfocus.com/bid/62740 USN-2064-1 http://www.ubuntu.com/usn/USN-2064-1 USN-2065-1 http://www.ubuntu.com/usn/USN-2065-1 USN-2068-1 http://www.ubuntu.com/usn/USN-2068-1 USN-2070-1 http://www.ubuntu.com/usn/USN-2070-1 USN-2071-1 http://www.ubuntu.com/usn/USN-2071-1 USN-2072-1 http://www.ubuntu.com/usn/USN-2072-1 USN-2074-1 http://www.ubuntu.com/usn/USN-2074-1 USN-2075-1 http://www.ubuntu.com/usn/USN-2075-1 USN-2076-1 http://www.ubuntu.com/usn/USN-2076-1 USN-2109-1 http://www.ubuntu.com/usn/USN-2109-1 USN-2110-1 http://www.ubuntu.com/usn/USN-2110-1 USN-2158-1 http://www.ubuntu.com/usn/USN-2158-1 [linux-crypto] 20130917 [PATCH] ansi_cprng: Fix off by one error in non-block size request http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=1007690 Common Vulnerability Exposure (CVE) ID: CVE-2013-4591 63791 http://www.securityfocus.com/bid/63791 RHSA-2014:0284 http://rhn.redhat.com/errata/RHSA-2014-0284.html [oss-security] 20131118 CVE-2013-4591 -- Linux kernel: kernel: nfs: missing check for buffer length in __nfs4_get_acl_uncached http://www.openwall.com/lists/oss-security/2013/11/18/2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d3e91a89b7adbc2831334def9e494dd9892f9af http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.2 https://bugzilla.redhat.com/show_bug.cgi?id=1031678 https://github.com/torvalds/linux/commit/7d3e91a89b7adbc2831334def9e494dd9892f9af
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.