Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2009-1455)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.122433

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2009-1455)

Resumen: The remote host is missing an update for the 'kernel, ocfs2-2.6.18-164.2.1.0.1.el5, oracleasm-2.6.18-164.2.1.0.1.el5' package(s) announced via the ELSA-2009-1455 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel, ocfs2-2.6.18-164.2.1.0.1.el5, oracleasm-2.6.18-164.2.1.0.1.el5' package(s) announced via the ELSA-2009-1455 advisory.

Vulnerability Insight:
[2.6.18-164.2.1.0.1.el5]
- [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514]
- Add entropy support to igb ( John Sobecki) [orabug 7607479]
- [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332]
- [NET] Add xen pv/bonding netconsole support (Tina yang) [orabug 6993043] [bz 7258]
- [MM] shrink zone patch (John Sobecki,Chris Mason) [orabug 6086839]
- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]
- [nfsd] fix failure of file creation from hpux client (Wen gang Wang) [orabug 7579314]

[2.6.18-164.2.1.el5]
- [x86_64] kvm: bound last_kvm to prevent backwards time (Glauber Costa ) [524527 524076]
- [x86] kvm: fix vsyscall going backwards (Glauber Costa ) [524527 524076]
- [misc] fix RNG to not use first generated random block (Neil Horman ) [523289 522860]
- [x86] kvm: mark kvmclock_init as cpuinit (Glauber Costa ) [524151 523450]
- [x86_64] kvm: allow kvmclock to be overwritten (Glauber Costa ) [524150 523447]
- [x86] kvmclock: fix bogus wallclock value (Glauber Costa ) [524152 519771]
- [scsi] scsi_dh_rdace: add more sun hardware (mchristi@redhat.com ) [523237 518496]
- [misc] cprng: fix cont test to be fips compliant (Neil Horman ) [523290 523259]
- [net] bridge: fix LRO crash with tun (Andy Gospodarek ) [522636 483646]
- Revert: [x86_64] fix gettimeoday TSC overflow issue - 1 (Don Zickus ) [489847 467942]
- Revert: [net] atalk/irda: memory leak to user in getname (Danny Feng ) [519309 519310] {CVE-2009-3001 CVE-2009-3002}

[2.6.18-164.1.1.el5]
- [net] sky2: revert some phy power refactoring changes (Neil Horman ) [517976 509891]
- [net] atalk/irda: memory leak to user in getname (Danny Feng ) [519309 519310] {CVE-2009-3001 CVE-2009-3002}
- [x86_64] fix gettimeoday TSC overflow issue - 1 (Prarit Bhargava ) [489847 467942]
- [md] prevent crash when accessing suspend_* sysfs attr (Danny Feng ) [518135 518136] {CVE-2009-2849}
- [nfs] nlm_lookup_host: don't return invalidated nlm_host (Sachin S. Prabhu ) [517967 507549]
- [net] bonding: tlb/alb: set active slave when enslaving (Jiri Pirko ) [517971 499884]
- [nfs] r/w I/O perf degraded by FLUSH_STABLE page flush (Peter Staubach ) [521244 498433]
- [SELinux] allow preemption b/w transition perm checks (Eric Paris ) [520919 516216]
- [scsi] scsi_transport_fc: fc_user_scan correction (David Milburn ) [521239 515176]
- [net] tg3: refrain from touching MPS (John Feeney ) [521241 516123]
- [net] qlge: fix hangs and read performance (Marcus Barrow ) [519783 517893]
- [scsi] qla2xxx: allow use of MSI when MSI-X disabled (Marcus Barrow ) [519782 517922]
- [net] mlx4_en fix for vlan traffic (Doug Ledford ) [520906 514141]
- [net] mlx4_core: fails to load on large systems (Doug Ledford ) [520908 514147]
- [x86] disable kvmclock by default (Glauber Costa ) [520685 476075]
- [x86] disable kvmclock when shutting the machine down (Glauber Costa ) [520685 476075]
- [x86] ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kernel, ocfs2-2.6.18-164.2.1.0.1.el5, oracleasm-2.6.18-164.2.1.0.1.el5' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
4.7

CVSS Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-2849
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html
http://xorl.wordpress.com/2009/07/21/linux-kernel-md-driver-null-pointer-dereference/
http://www.openwall.com/lists/oss-security/2009/07/24/1
http://www.openwall.com/lists/oss-security/2009/07/26/1
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10396
RedHat Security Advisories: RHSA-2009:1540
https://rhn.redhat.com/errata/RHSA-2009-1540.html
http://www.securitytracker.com/id?1022961
http://secunia.com/advisories/36501
http://secunia.com/advisories/37105
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
http://www.ubuntu.com/usn/USN-852-1
http://www.vupen.com/english/advisories/2010/0528
XForce ISS Database: kernel-mddriver-dos(52858)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52858

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.122433
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2009-1455)
Resumen:	The remote host is missing an update for the 'kernel, ocfs2-2.6.18-164.2.1.0.1.el5, oracleasm-2.6.18-164.2.1.0.1.el5' package(s) announced via the ELSA-2009-1455 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel, ocfs2-2.6.18-164.2.1.0.1.el5, oracleasm-2.6.18-164.2.1.0.1.el5' package(s) announced via the ELSA-2009-1455 advisory. Vulnerability Insight: [2.6.18-164.2.1.0.1.el5] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - Add entropy support to igb ( John Sobecki) [orabug 7607479] - [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332] - [NET] Add xen pv/bonding netconsole support (Tina yang) [orabug 6993043] [bz 7258] - [MM] shrink zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [nfsd] fix failure of file creation from hpux client (Wen gang Wang) [orabug 7579314] [2.6.18-164.2.1.el5] - [x86_64] kvm: bound last_kvm to prevent backwards time (Glauber Costa ) [524527 524076] - [x86] kvm: fix vsyscall going backwards (Glauber Costa ) [524527 524076] - [misc] fix RNG to not use first generated random block (Neil Horman ) [523289 522860] - [x86] kvm: mark kvmclock_init as cpuinit (Glauber Costa ) [524151 523450] - [x86_64] kvm: allow kvmclock to be overwritten (Glauber Costa ) [524150 523447] - [x86] kvmclock: fix bogus wallclock value (Glauber Costa ) [524152 519771] - [scsi] scsi_dh_rdace: add more sun hardware (mchristi@redhat.com ) [523237 518496] - [misc] cprng: fix cont test to be fips compliant (Neil Horman ) [523290 523259] - [net] bridge: fix LRO crash with tun (Andy Gospodarek ) [522636 483646] - Revert: [x86_64] fix gettimeoday TSC overflow issue - 1 (Don Zickus ) [489847 467942] - Revert: [net] atalk/irda: memory leak to user in getname (Danny Feng ) [519309 519310] {CVE-2009-3001 CVE-2009-3002} [2.6.18-164.1.1.el5] - [net] sky2: revert some phy power refactoring changes (Neil Horman ) [517976 509891] - [net] atalk/irda: memory leak to user in getname (Danny Feng ) [519309 519310] {CVE-2009-3001 CVE-2009-3002} - [x86_64] fix gettimeoday TSC overflow issue - 1 (Prarit Bhargava ) [489847 467942] - [md] prevent crash when accessing suspend_* sysfs attr (Danny Feng ) [518135 518136] {CVE-2009-2849} - [nfs] nlm_lookup_host: don't return invalidated nlm_host (Sachin S. Prabhu ) [517967 507549] - [net] bonding: tlb/alb: set active slave when enslaving (Jiri Pirko ) [517971 499884] - [nfs] r/w I/O perf degraded by FLUSH_STABLE page flush (Peter Staubach ) [521244 498433] - [SELinux] allow preemption b/w transition perm checks (Eric Paris ) [520919 516216] - [scsi] scsi_transport_fc: fc_user_scan correction (David Milburn ) [521239 515176] - [net] tg3: refrain from touching MPS (John Feeney ) [521241 516123] - [net] qlge: fix hangs and read performance (Marcus Barrow ) [519783 517893] - [scsi] qla2xxx: allow use of MSI when MSI-X disabled (Marcus Barrow ) [519782 517922] - [net] mlx4_en fix for vlan traffic (Doug Ledford ) [520906 514141] - [net] mlx4_core: fails to load on large systems (Doug Ledford ) [520908 514147] - [x86] disable kvmclock by default (Glauber Costa ) [520685 476075] - [x86] disable kvmclock when shutting the machine down (Glauber Costa ) [520685 476075] - [x86] ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel, ocfs2-2.6.18-164.2.1.0.1.el5, oracleasm-2.6.18-164.2.1.0.1.el5' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 4.7 CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2849 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html http://xorl.wordpress.com/2009/07/21/linux-kernel-md-driver-null-pointer-dereference/ http://www.openwall.com/lists/oss-security/2009/07/24/1 http://www.openwall.com/lists/oss-security/2009/07/26/1 http://lists.vmware.com/pipermail/security-announce/2010/000082.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10396 RedHat Security Advisories: RHSA-2009:1540 https://rhn.redhat.com/errata/RHSA-2009-1540.html http://www.securitytracker.com/id?1022961 http://secunia.com/advisories/36501 http://secunia.com/advisories/37105 http://secunia.com/advisories/38794 http://secunia.com/advisories/38834 http://www.ubuntu.com/usn/USN-852-1 http://www.vupen.com/english/advisories/2010/0528 XForce ISS Database: kernel-mddriver-dos(52858) https://exchange.xforce.ibmcloud.com/vulnerabilities/52858
Copyright	Copyright (C) 2015 Greenbone AG