ID de Prueba:	1.3.6.1.4.1.25623.1.0.122749
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2015-2079)
Resumen:	The remote host is missing an update for the 'binutils' package(s) announced via the ELSA-2015-2079 advisory.
Descripción:	Summary: The remote host is missing an update for the 'binutils' package(s) announced via the ELSA-2015-2079 advisory. Vulnerability Insight: [2.23.52.0.1-55] - Add missing delta to patch that fixes parsing corrupted archives. (#1162666) [2.23.52.0.1-54] - Import patch for PR 18270: Create AArch64 GOT entries for local symbols. (#1238783) [2.23.52.0.1-51] - Fix incorrectly generated binaries and DSOs on PPC platforms. (#1247126) [2.23.52.0.1-50] - Fix memory corruption parsing corrupt archives. (#1162666) [2.23.52.0.1-49] - Fix directory traversal vulnerability. (#1162655) [2.23.52.0.1-48] - Fix stack overflow in SREC parser. (#1162621) [2.23.52.0.1-47] - Fix stack overflow whilst parsing a corrupt iHex file. (#1162607) [2.23.52.0.1-46] - Fix out of bounds memory accesses when parsing corrupt PE binaries. (#1162594, #1162570) [2.23.52.0.1-45] - Change strings program to default to -a. Fix problems parsing files containing corrupt ELF group sections. (#1157276) [2.23.52.0.1-44] - Avoid reading beyond function boundary when disassembling. (#1060282) - For binary output, we don't have an ELF bfd output so can't access elf_elfheader. (#1226864) [2.23.52.0.1-43] - Don't discard stap probe note sections on aarch64 (#1225091) [2.23.52.0.1-42] - Clamp maxpagesize at 1 (rather than 0) to avoid segfaults in the linker when passed a bogus max-page-size argument. (#1203449) [2.23.52.0.1-41] - Fixup bfd elf_link_add_object_symbols for ppc64 to prevent subsequent uninitialized accesses elsewhere. (#1172766) [2.23.52.0.1-40] - Minor testsuite adjustments for PPC changes in -38/-39. (#1183838) Fix md_assemble for PPC to handle arithmetic involving the TOC better. (#1183838) [2.23.52.0.1-39] - Fix ppc64: segv in libbfd (#1172766). [2.23.52.0.1-38] - Unconditionally apply ppc64le patches (#1183838). [2.23.52.0.1-37] - Andreas's backport of z13 and dependent fixes for s390, including tesetcase fix from Apr 27, 2015. (#1182153) [2.23.52.0.1-35] - Fixup testsuite for AArch64 (#1182111) - Add support for @localentry for LE PPC64 (#1194164) [2.23.52.0.1-34] - Do not install windmc(1) man page (#850832) [2.23.52.0.1-33] - Don't replace R_390_TLS_LE{32,64} with R_390_TLS_TPOFF for PIE (#872148) - Enable relro by default for arm and aarch64 (#1203449) - Backport 3 RELRO improvements for ppc64/ppc64le from upstream (#1175624) [2.23.52.0.1-31] - Backport upstream RELRO fixes. (#1200138) Affected Software/OS: 'binutils' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8484 BugTraq ID: 70714 http://www.securityfocus.com/bid/70714 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html https://security.gentoo.org/glsa/201612-24 http://www.mandriva.com/security/advisories?name=MDVSA-2015:029 http://openwall.com/lists/oss-security/2014/10/23/5 http://www.openwall.com/lists/oss-security/2014/10/26/2 http://secunia.com/advisories/62241 http://secunia.com/advisories/62746 http://www.ubuntu.com/usn/USN-2496-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-8485 BugTraq ID: 70741 http://www.securityfocus.com/bid/70741 http://lcamtuf.blogspot.co.uk/2014/10/psa-dont-run-strings-on-untrusted-files.html Common Vulnerability Exposure (CVE) ID: CVE-2014-8501 BugTraq ID: 70866 http://www.securityfocus.com/bid/70866 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html http://www.openwall.com/lists/oss-security/2014/10/26/3 http://www.openwall.com/lists/oss-security/2014/10/31/1 Common Vulnerability Exposure (CVE) ID: CVE-2014-8502 BugTraq ID: 70869 http://www.securityfocus.com/bid/70869 Common Vulnerability Exposure (CVE) ID: CVE-2014-8503 BugTraq ID: 70868 http://www.securityfocus.com/bid/70868 Common Vulnerability Exposure (CVE) ID: CVE-2014-8504 BugTraq ID: 70761 http://www.securityfocus.com/bid/70761 http://www.openwall.com/lists/oss-security/2014/10/27/4 http://www.openwall.com/lists/oss-security/2014/10/27/5 Common Vulnerability Exposure (CVE) ID: CVE-2014-8737 BugTraq ID: 70908 http://www.securityfocus.com/bid/70908 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145256.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145746.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145352.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148438.html http://www.openwall.com/lists/oss-security/2014/11/13/1 Common Vulnerability Exposure (CVE) ID: CVE-2014-8738 BugTraq ID: 71083 http://www.securityfocus.com/bid/71083 Debian Security Information: DSA-3123 (Google Search) http://www.debian.org/security/2015/dsa-3123 http://www.openwall.com/lists/oss-security/2014/11/02/4 http://www.openwall.com/lists/oss-security/2014/11/05/7 http://www.openwall.com/lists/oss-security/2014/11/13/2
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.