Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2012-1445-1)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.123781

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2012-1445-1)

Zusammenfassung: The remote host is missing an update for the 'kernel, ocfs2-2.6.18-308.20.1.0.1.el5, oracleasm-2.6.18-308.20.1.0.1.el5' package(s) announced via the ELSA-2012-1445-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'kernel, ocfs2-2.6.18-308.20.1.0.1.el5, oracleasm-2.6.18-308.20.1.0.1.el5' package(s) announced via the ELSA-2012-1445-1 advisory.

Vulnerability Insight:
[2.6.18-308.20.1.0.1.el5]
- [kernel] Initialize the local uninitialized variable stats. [orabug 14051367]
- [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763]
- [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272]
- [net] bonding: fix carrier detect when bond is down [orabug 12377284]
- [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075]
- fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan)
- [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan)
- [x86] Fix lvt0 reset when hvm boot up with noapic param
- [scsi] remove printks when doing I/O to a dead device (John Sobecki, Chris Mason)
[orabug 12342275]
- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346]
- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]
- [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042]
- [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646]
- [scsi] fix scsi hotplug and rescan race [orabug 10260172]
- fix filp_close() race (Joe Jin) [orabug 10335998]
- make xenkbd.abs_pointer=1 by default [orabug 67188919]
- [xen] check to see if hypervisor supports memory reservation change
(Chuck Anderson) [orabug 7556514]
- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)
[orabug 10315433]
- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]
- [mm] Patch shrink_zone to yield during severe mempressure events, avoiding
hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839]
- [mm] Enhance shrink_zone patch allow full swap utilization, and also be
NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919]
- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]
- [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105]
RDS: Fix BUG_ONs to not fire when in a tasklet
ipoib: Fix lockup of the tx queue
RDS: Do not call set_page_dirty() with irqs off (Sherman Pun)
RDS: Properly unmap when getting a remote access error (Tina Yang)
RDS: Fix locking in rds_send_drop_to()
- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)
[orabug 9107465]
- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)
[orabug 9764220]
- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]
- fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro,
Guru Anbalagane) [orabug 6124033]
- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]
- [ib] fix memory corruption (Andy Grover) [orabug 9972346]

[2.6.18-308.20.1.el5]
- Revert: [x86] mm: randomize SHLIB_BASE (Dave Anderson) [804953 804954] {CVE-2012-1568}

[2.6.18-308.19.1.el5]
- [net] be2net: Remove code that stops further access to BE NIC based on UE bits (Alexander Gordeev) ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kernel, ocfs2-2.6.18-308.20.1.0.1.el5, oracleasm-2.6.18-308.20.1.0.1.el5' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-2100
53414
http://www.securityfocus.com/bid/53414
RHSA-2012:1445
http://rhn.redhat.com/errata/RHSA-2012-1445.html
RHSA-2012:1580
http://rhn.redhat.com/errata/RHSA-2012-1580.html
[oss-security] 20120412 Re: fix to CVE-2009-4307
http://www.openwall.com/lists/oss-security/2012/04/12/11
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2
https://bugzilla.redhat.com/show_bug.cgi?id=809687
https://github.com/torvalds/linux/commit/d50f2ab6f050311dbf7b8f5501b25f0bf64a439b

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.123781
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2012-1445-1)
Zusammenfassung:	The remote host is missing an update for the 'kernel, ocfs2-2.6.18-308.20.1.0.1.el5, oracleasm-2.6.18-308.20.1.0.1.el5' package(s) announced via the ELSA-2012-1445-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel, ocfs2-2.6.18-308.20.1.0.1.el5, oracleasm-2.6.18-308.20.1.0.1.el5' package(s) announced via the ELSA-2012-1445-1 advisory. Vulnerability Insight: [2.6.18-308.20.1.0.1.el5] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [net] bonding: fix carrier detect when bond is down [orabug 12377284] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printks when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] [2.6.18-308.20.1.el5] - Revert: [x86] mm: randomize SHLIB_BASE (Dave Anderson) [804953 804954] {CVE-2012-1568} [2.6.18-308.19.1.el5] - [net] be2net: Remove code that stops further access to BE NIC based on UE bits (Alexander Gordeev) ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel, ocfs2-2.6.18-308.20.1.0.1.el5, oracleasm-2.6.18-308.20.1.0.1.el5' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2100 53414 http://www.securityfocus.com/bid/53414 RHSA-2012:1445 http://rhn.redhat.com/errata/RHSA-2012-1445.html RHSA-2012:1580 http://rhn.redhat.com/errata/RHSA-2012-1580.html [oss-security] 20120412 Re: fix to CVE-2009-4307 http://www.openwall.com/lists/oss-security/2012/04/12/11 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2 https://bugzilla.redhat.com/show_bug.cgi?id=809687 https://github.com/torvalds/linux/commit/d50f2ab6f050311dbf7b8f5501b25f0bf64a439b
Copyright	Copyright (C) 2015 Greenbone AG