Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2016-0715)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.122929

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2016-0715)

Resumen: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2016-0715 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2016-0715 advisory.

Vulnerability Insight:
[2.6.32-573.26.1]
- [kernel] revert 'sched: core: Use hrtimer_start_expires' (Jiri Olsa) [1326043 1324318]
- [kernel] Revert 'Cleanup bandwidth timers' (Jiri Olsa) [1326043 1324318]
- [kernel] revert 'fair: Test list head instead of list entry in throttle_cfs_rq' (Jiri Olsa) [1326043 1324318]
- [kernel] revert 'sched, perf: Fix periodic timers' (Jiri Olsa) [1326043 1324318]
- [kernel] Revert 'fix KABI break' (Jiri Olsa) [1326043 1324318]

[2.6.32-573.25.1]
- [x86] nmi/64: Fix a paravirt stack-clobbering bug in the NMI code (Denys Vlasenko) [1259580 1259581] {CVE-2015-5157}
- [x86] nmi/64: Switch stacks on userspace NMI entry (Denys Vlasenko) [1259580 1259581] {CVE-2015-5157}
- [fs] anon_inodes implement dname (Aristeu Rozanski) [1322707 1296019]
- [fs] xfs: Avoid pathological backwards allocation (Bill O'Donnell) [1320031 1302777]
- [net] sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Jacob Tanenbaum) [1297421 1297422] {CVE-2015-8767}
- [net] udp: move logic out of udp[46]_ufo_send_check (Sabrina Dubroca) [1319276 1299975]
- [net] af_unix: Guard against other == sk in unix_dgram_sendmsg (Jakub Sitnicki) [1315696 1309241]
- [md] raid10: don't clear bitmap bit when bad-block-list write fails (Jes Sorensen) [1320863 1273546]
- [md] raid1: don't clear bitmap bit when bad-block-list write fails (Jes Sorensen) [1320863 1273546]
- [md] raid10: submit_bio_wait returns 0 on success (Jes Sorensen) [1320863 1273546]
- [md] raid1: submit_bio_wait() returns 0 on success (Jes Sorensen) [1320863 1273546]
- [md] crash in md-raid1 and md-raid10 due to incorrect list manipulation (Jes Sorensen) [1320863 1273546]
- [md] raid10: ensure device failure recorded before write request returns (Jes Sorensen) [1320863 1273546]
- [md] raid1: ensure device failure recorded before write request returns (Jes Sorensen) [1320863 1273546]

[2.6.32-573.24.1]
- [sched] fix KABI break (Seth Jennings) [1314878 1230310]
- [sched] fair: Test list head instead of list entry in throttle_cfs_rq (Seth Jennings) [1314878 1230310]
- [sched] sched,perf: Fix periodic timers (Seth Jennings) [1314878 1230310]
- [sched] sched: debug: Remove the cfs bandwidth timer_active printout (Seth Jennings) [1314878 1230310]
- [sched] Cleanup bandwidth timers (Seth Jennings) [1314878 1230310]
- [sched] sched: core: Use hrtimer_start_expires (Seth Jennings) [1314878 1230310]
- [sched] fair: Fix unlocked reads of some cfs_b->quota/period (Seth Jennings) [1314878 1230310]
- [sched] Fix potential near-infinite distribute_cfs_runtime loop (Seth Jennings) [1314878 1230310]
- [sched] fair: Fix tg_set_cfs_bandwidth deadlock on rq->lock (Seth Jennings) [1314878 1230310]
- [sched] Fix hrtimer_cancel/rq->lock deadlock (Seth Jennings) [1314878 1230310]
- [sched] Fix cfs_bandwidth misuse of hrtimer_expires_remaining (Seth Jennings) [1314878 1230310]
- [sched] Refine the code in unthrottle_cfs_rq (Seth Jennings) ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kernel' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-5157
76005
http://www.securityfocus.com/bid/76005
DSA-3313
http://www.debian.org/security/2015/dsa-3313
RHSA-2016:0185
http://rhn.redhat.com/errata/RHSA-2016-0185.html
RHSA-2016:0212
http://rhn.redhat.com/errata/RHSA-2016-0212.html
RHSA-2016:0224
http://rhn.redhat.com/errata/RHSA-2016-0224.html
RHSA-2016:0715
http://rhn.redhat.com/errata/RHSA-2016-0715.html
SUSE-SU-2015:1727
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html
SUSE-SU-2015:2108
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html
SUSE-SU-2015:2339
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html
SUSE-SU-2015:2350
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html
SUSE-SU-2016:0354
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html
USN-2687-1
http://www.ubuntu.com/usn/USN-2687-1
USN-2688-1
http://www.ubuntu.com/usn/USN-2688-1
USN-2689-1
http://www.ubuntu.com/usn/USN-2689-1
USN-2690-1
http://www.ubuntu.com/usn/USN-2690-1
USN-2691-1
http://www.ubuntu.com/usn/USN-2691-1
[oss-security] 20150722 Linux x86_64 NMI security issues
http://www.openwall.com/lists/oss-security/2015/07/22/7
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a
Common Vulnerability Exposure (CVE) ID: CVE-2015-8767
BugTraq ID: 80268
http://www.securityfocus.com/bid/80268
Debian Security Information: DSA-3448 (Google Search)
http://www.debian.org/security/2016/dsa-3448
Debian Security Information: DSA-3503 (Google Search)
http://www.debian.org/security/2016/dsa-3503
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html
http://www.openwall.com/lists/oss-security/2016/01/11/4
RedHat Security Advisories: RHSA-2016:0715
RedHat Security Advisories: RHSA-2016:1277
https://access.redhat.com/errata/RHSA-2016:1277
RedHat Security Advisories: RHSA-2016:1301
https://access.redhat.com/errata/RHSA-2016:1301
RedHat Security Advisories: RHSA-2016:1341
https://access.redhat.com/errata/RHSA-2016:1341
SuSE Security Announcement: SUSE-SU-2016:0911 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html
SuSE Security Announcement: SUSE-SU-2016:1102 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html
SuSE Security Announcement: SUSE-SU-2016:2074 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
SuSE Security Announcement: openSUSE-SU-2016:1008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
http://www.ubuntu.com/usn/USN-2930-1
http://www.ubuntu.com/usn/USN-2930-2
http://www.ubuntu.com/usn/USN-2930-3
http://www.ubuntu.com/usn/USN-2931-1
http://www.ubuntu.com/usn/USN-2932-1
http://www.ubuntu.com/usn/USN-2967-1
http://www.ubuntu.com/usn/USN-2967-2

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.122929
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2016-0715)
Resumen:	The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2016-0715 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2016-0715 advisory. Vulnerability Insight: [2.6.32-573.26.1] - [kernel] revert 'sched: core: Use hrtimer_start_expires' (Jiri Olsa) [1326043 1324318] - [kernel] Revert 'Cleanup bandwidth timers' (Jiri Olsa) [1326043 1324318] - [kernel] revert 'fair: Test list head instead of list entry in throttle_cfs_rq' (Jiri Olsa) [1326043 1324318] - [kernel] revert 'sched, perf: Fix periodic timers' (Jiri Olsa) [1326043 1324318] - [kernel] Revert 'fix KABI break' (Jiri Olsa) [1326043 1324318] [2.6.32-573.25.1] - [x86] nmi/64: Fix a paravirt stack-clobbering bug in the NMI code (Denys Vlasenko) [1259580 1259581] {CVE-2015-5157} - [x86] nmi/64: Switch stacks on userspace NMI entry (Denys Vlasenko) [1259580 1259581] {CVE-2015-5157} - [fs] anon_inodes implement dname (Aristeu Rozanski) [1322707 1296019] - [fs] xfs: Avoid pathological backwards allocation (Bill O'Donnell) [1320031 1302777] - [net] sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Jacob Tanenbaum) [1297421 1297422] {CVE-2015-8767} - [net] udp: move logic out of udp[46]_ufo_send_check (Sabrina Dubroca) [1319276 1299975] - [net] af_unix: Guard against other == sk in unix_dgram_sendmsg (Jakub Sitnicki) [1315696 1309241] - [md] raid10: don't clear bitmap bit when bad-block-list write fails (Jes Sorensen) [1320863 1273546] - [md] raid1: don't clear bitmap bit when bad-block-list write fails (Jes Sorensen) [1320863 1273546] - [md] raid10: submit_bio_wait returns 0 on success (Jes Sorensen) [1320863 1273546] - [md] raid1: submit_bio_wait() returns 0 on success (Jes Sorensen) [1320863 1273546] - [md] crash in md-raid1 and md-raid10 due to incorrect list manipulation (Jes Sorensen) [1320863 1273546] - [md] raid10: ensure device failure recorded before write request returns (Jes Sorensen) [1320863 1273546] - [md] raid1: ensure device failure recorded before write request returns (Jes Sorensen) [1320863 1273546] [2.6.32-573.24.1] - [sched] fix KABI break (Seth Jennings) [1314878 1230310] - [sched] fair: Test list head instead of list entry in throttle_cfs_rq (Seth Jennings) [1314878 1230310] - [sched] sched,perf: Fix periodic timers (Seth Jennings) [1314878 1230310] - [sched] sched: debug: Remove the cfs bandwidth timer_active printout (Seth Jennings) [1314878 1230310] - [sched] Cleanup bandwidth timers (Seth Jennings) [1314878 1230310] - [sched] sched: core: Use hrtimer_start_expires (Seth Jennings) [1314878 1230310] - [sched] fair: Fix unlocked reads of some cfs_b->quota/period (Seth Jennings) [1314878 1230310] - [sched] Fix potential near-infinite distribute_cfs_runtime loop (Seth Jennings) [1314878 1230310] - [sched] fair: Fix tg_set_cfs_bandwidth deadlock on rq->lock (Seth Jennings) [1314878 1230310] - [sched] Fix hrtimer_cancel/rq->lock deadlock (Seth Jennings) [1314878 1230310] - [sched] Fix cfs_bandwidth misuse of hrtimer_expires_remaining (Seth Jennings) [1314878 1230310] - [sched] Refine the code in unthrottle_cfs_rq (Seth Jennings) ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5157 76005 http://www.securityfocus.com/bid/76005 DSA-3313 http://www.debian.org/security/2015/dsa-3313 RHSA-2016:0185 http://rhn.redhat.com/errata/RHSA-2016-0185.html RHSA-2016:0212 http://rhn.redhat.com/errata/RHSA-2016-0212.html RHSA-2016:0224 http://rhn.redhat.com/errata/RHSA-2016-0224.html RHSA-2016:0715 http://rhn.redhat.com/errata/RHSA-2016-0715.html SUSE-SU-2015:1727 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html SUSE-SU-2015:2108 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html SUSE-SU-2015:2339 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html SUSE-SU-2015:2350 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html SUSE-SU-2016:0354 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html USN-2687-1 http://www.ubuntu.com/usn/USN-2687-1 USN-2688-1 http://www.ubuntu.com/usn/USN-2688-1 USN-2689-1 http://www.ubuntu.com/usn/USN-2689-1 USN-2690-1 http://www.ubuntu.com/usn/USN-2690-1 USN-2691-1 http://www.ubuntu.com/usn/USN-2691-1 [oss-security] 20150722 Linux x86_64 NMI security issues http://www.openwall.com/lists/oss-security/2015/07/22/7 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a Common Vulnerability Exposure (CVE) ID: CVE-2015-8767 BugTraq ID: 80268 http://www.securityfocus.com/bid/80268 Debian Security Information: DSA-3448 (Google Search) http://www.debian.org/security/2016/dsa-3448 Debian Security Information: DSA-3503 (Google Search) http://www.debian.org/security/2016/dsa-3503 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html http://www.openwall.com/lists/oss-security/2016/01/11/4 RedHat Security Advisories: RHSA-2016:0715 RedHat Security Advisories: RHSA-2016:1277 https://access.redhat.com/errata/RHSA-2016:1277 RedHat Security Advisories: RHSA-2016:1301 https://access.redhat.com/errata/RHSA-2016:1301 RedHat Security Advisories: RHSA-2016:1341 https://access.redhat.com/errata/RHSA-2016:1341 SuSE Security Announcement: SUSE-SU-2016:0911 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html SuSE Security Announcement: SUSE-SU-2016:1102 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html SuSE Security Announcement: SUSE-SU-2016:2074 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html SuSE Security Announcement: openSUSE-SU-2016:1008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://www.ubuntu.com/usn/USN-2930-1 http://www.ubuntu.com/usn/USN-2930-2 http://www.ubuntu.com/usn/USN-2930-3 http://www.ubuntu.com/usn/USN-2931-1 http://www.ubuntu.com/usn/USN-2932-1 http://www.ubuntu.com/usn/USN-2967-1 http://www.ubuntu.com/usn/USN-2967-2
Copyright	Copyright (C) 2016 Greenbone AG