Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-2401)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.122752

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2015-2401)

Resumen: The remote host is missing an update for the 'grub2' package(s) announced via the ELSA-2015-2401 advisory.

Descripción: Summary:
The remote host is missing an update for the 'grub2' package(s) announced via the ELSA-2015-2401 advisory.

Vulnerability Insight:
[2.02-0.29.0.1]
- Fix comparison in patch for 18504756
- Remove symlink to grub environment file during uninstall on EFI platforms
[bug 19231481]
- update Oracle Linux certificates (Alexey Petrenko)
- Put 'with' in menuentry instead of 'using' [bug 18504756]
- Use different titles for UEK and RHCK kernels [bug 18504756]

[2.02-0.29]
- Fix DHCP6 timeouts due to failed network stack once more.
Resolves: rhbz#1267139

[2.02-0.28]
- Once again, rebuild for the right build target.
Resolves: CVE-2015-5281

[2.02-0.27]
- Remove multiboot and multiboot2 modules from the .efi builds, they
should never have been there.
Resolves: CVE-2015-5281

[2.02-0.26]
- Be more aggressive about trying to make sure we use the configured SNP
device in UEFI.
Resolves: rhbz#1257475

[2.02-0.25]
- Force file sync to disk on ppc64le machines.
Resolves: rhbz#1212114

[2.02-0.24]
- Undo 0.23 and fix it a different way.
Resolves: rhbz#1124074

[2.02-0.23]
- Reverse kernel sort order so they're displayed correctly.
Resolves: rhbz#1124074

[2.02-0.22]
- Make upgrades work reasonably well with grub2-setpassword.
Related: rhbz#985962

[2.02-0.21]
- Add a simpler grub2 password config tool
Related: rhbz#985962
- Some more coverity nits.

[2.02-0.20]
- Deal with some coverity nits.
Related: rhbz#1215839
Related: rhbz#1124074

[2.02-0.19]
- Rebuild for Aarch64
- Deal with some coverity nits.
Related: rhbz#1215839
Related: rhbz#1124074

[2.02-0.18]
- Update for an rpmdiff problem with one of the man pages.
Related: rhbz#1124074

Affected Software/OS:
'grub2' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
2.6

CVSS Vector:
AV:L/AC:H/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-5281
1034198
http://www.securitytracker.com/id/1034198
77983
http://www.securityfocus.com/bid/77983
FEDORA-2015-2c155d7632
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172942.html
FEDORA-2015-c3b4fef3af
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172611.html
RHSA-2015:2401
http://rhn.redhat.com/errata/RHSA-2015-2401.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1264103

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.122752
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2015-2401)
Resumen:	The remote host is missing an update for the 'grub2' package(s) announced via the ELSA-2015-2401 advisory.
Descripción:	Summary: The remote host is missing an update for the 'grub2' package(s) announced via the ELSA-2015-2401 advisory. Vulnerability Insight: [2.02-0.29.0.1] - Fix comparison in patch for 18504756 - Remove symlink to grub environment file during uninstall on EFI platforms [bug 19231481] - update Oracle Linux certificates (Alexey Petrenko) - Put 'with' in menuentry instead of 'using' [bug 18504756] - Use different titles for UEK and RHCK kernels [bug 18504756] [2.02-0.29] - Fix DHCP6 timeouts due to failed network stack once more. Resolves: rhbz#1267139 [2.02-0.28] - Once again, rebuild for the right build target. Resolves: CVE-2015-5281 [2.02-0.27] - Remove multiboot and multiboot2 modules from the .efi builds, they should never have been there. Resolves: CVE-2015-5281 [2.02-0.26] - Be more aggressive about trying to make sure we use the configured SNP device in UEFI. Resolves: rhbz#1257475 [2.02-0.25] - Force file sync to disk on ppc64le machines. Resolves: rhbz#1212114 [2.02-0.24] - Undo 0.23 and fix it a different way. Resolves: rhbz#1124074 [2.02-0.23] - Reverse kernel sort order so they're displayed correctly. Resolves: rhbz#1124074 [2.02-0.22] - Make upgrades work reasonably well with grub2-setpassword. Related: rhbz#985962 [2.02-0.21] - Add a simpler grub2 password config tool Related: rhbz#985962 - Some more coverity nits. [2.02-0.20] - Deal with some coverity nits. Related: rhbz#1215839 Related: rhbz#1124074 [2.02-0.19] - Rebuild for Aarch64 - Deal with some coverity nits. Related: rhbz#1215839 Related: rhbz#1124074 [2.02-0.18] - Update for an rpmdiff problem with one of the man pages. Related: rhbz#1124074 Affected Software/OS: 'grub2' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 2.6 CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5281 1034198 http://www.securitytracker.com/id/1034198 77983 http://www.securityfocus.com/bid/77983 FEDORA-2015-2c155d7632 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172942.html FEDORA-2015-c3b4fef3af http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172611.html RHSA-2015:2401 http://rhn.redhat.com/errata/RHSA-2015-2401.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1264103
Copyright	Copyright (C) 2015 Greenbone AG