Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2013-0517)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.123703

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2013-0517)

Zusammenfassung: The remote host is missing an update for the 'util-linux-ng' package(s) announced via the ELSA-2013-0517 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'util-linux-ng' package(s) announced via the ELSA-2013-0517 advisory.

Vulnerability Insight:
[2.17.2-12.9]
- fix #892471 - CVE-2013-0157 mount folder existence information disclosure

[2.17.2-12.8]
- fix #679833 - [RFE] tailf should support
- fix #719927 - [RFE] add adjtimex --compare functionality to hwclock
- fix #730272 - losetup does not warn if backing file is < 512 bytes
- fix #730891 - document cfdisk and sfdisk incompatibility with 4096-bytes sectors
- fix #736245 - lscpu segfault on non-uniform cpu configuration
- fix #783514 - default barrier setting for EXT3 filesystems in mount manpage is wrong
- fix #790728 - blkid ignores swap UUIDs if the first byte is a zero byte
- fix #818621 - lsblk should not open device it prints info about
- fix #819945 - hwclock --systz causes a system time jump
- fix #820183 - mount(8) man page should include relatime in defaults definition
- fix #823008 - update to the latest upstream lscpu and chcpu
- fix #837935 - lscpu coredumps on a system with 158 active processors
- fix #839281 - inode_readahead for ext4 should be inode_readahead_blks
- fix #845477 - Duplicate SElinux mount options cause mounting from the commandline to fail
- fix #845971 - while reading /etc/fstab, mount command returns a device before a directory
- fix #858009 - login doesn't update /var/run/utmp properly
- fix #809449 - Backport inverse tree (-s) option for lsblk and related patches
- fix #809139 - lsblk option -D missing in manpage

Affected Software/OS:
'util-linux-ng' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-0157
88953
http://osvdb.org/88953
MDVSA-2013:154
http://www.mandriva.com/security/advisories?name=MDVSA-2013:154
RHSA-2013:0517
http://rhn.redhat.com/errata/RHSA-2013-0517.html
[oss-security] 20130106 Re: CVE request: mount/umount leak information about existence of folders
http://marc.info/?l=oss-security&m=135749410312247&w=2
http://bugs.debian.org/697464
https://bugzilla.redhat.com/show_bug.cgi?id=892330

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.123703
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2013-0517)
Zusammenfassung:	The remote host is missing an update for the 'util-linux-ng' package(s) announced via the ELSA-2013-0517 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'util-linux-ng' package(s) announced via the ELSA-2013-0517 advisory. Vulnerability Insight: [2.17.2-12.9] - fix #892471 - CVE-2013-0157 mount folder existence information disclosure [2.17.2-12.8] - fix #679833 - [RFE] tailf should support - fix #719927 - [RFE] add adjtimex --compare functionality to hwclock - fix #730272 - losetup does not warn if backing file is < 512 bytes - fix #730891 - document cfdisk and sfdisk incompatibility with 4096-bytes sectors - fix #736245 - lscpu segfault on non-uniform cpu configuration - fix #783514 - default barrier setting for EXT3 filesystems in mount manpage is wrong - fix #790728 - blkid ignores swap UUIDs if the first byte is a zero byte - fix #818621 - lsblk should not open device it prints info about - fix #819945 - hwclock --systz causes a system time jump - fix #820183 - mount(8) man page should include relatime in defaults definition - fix #823008 - update to the latest upstream lscpu and chcpu - fix #837935 - lscpu coredumps on a system with 158 active processors - fix #839281 - inode_readahead for ext4 should be inode_readahead_blks - fix #845477 - Duplicate SElinux mount options cause mounting from the commandline to fail - fix #845971 - while reading /etc/fstab, mount command returns a device before a directory - fix #858009 - login doesn't update /var/run/utmp properly - fix #809449 - Backport inverse tree (-s) option for lsblk and related patches - fix #809139 - lsblk option -D missing in manpage Affected Software/OS: 'util-linux-ng' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0157 88953 http://osvdb.org/88953 MDVSA-2013:154 http://www.mandriva.com/security/advisories?name=MDVSA-2013:154 RHSA-2013:0517 http://rhn.redhat.com/errata/RHSA-2013-0517.html [oss-security] 20130106 Re: CVE request: mount/umount leak information about existence of folders http://marc.info/?l=oss-security&m=135749410312247&w=2 http://bugs.debian.org/697464 https://bugzilla.redhat.com/show_bug.cgi?id=892330
Copyright	Copyright (C) 2015 Greenbone AG