Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-1344)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123055

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2015-1344)

Resumen: The remote host is missing an update for the 'autofs' package(s) announced via the ELSA-2015-1344 advisory.

Descripción: Summary:
The remote host is missing an update for the 'autofs' package(s) announced via the ELSA-2015-1344 advisory.

Vulnerability Insight:
[5.0.5-113.0.1]
- add autofs-5.0.5-lookup-mounts.patch [Orabug:12658280] (Bert Barbe)
use tcp instead of udp

[5.0.5-113]
- bz1201195 - autofs: MAPFMT_DEFAULT is not macro in lookup_program.c
- fix macro usage in lookup_program.c.
- Resolves: rhbz#1201195

[5.0.5-112]
- bz1124083 - Autofs stopped mounting /net/hostname/mounts after seeing duplicate
exports in the NFS server
- fix use after free in patch to handle duplicate in multi mounts.
- change log messages to try and make them more sensible.
- fix log entry for rev 5.0.5-111 below.
- Related: rhbz#1124083

[5.0.5-111]
- bz1153130 - autofs-5.0.5-109 with upgrade to RHEL 6.6 no longer recognizes
+yp: in auto.master
- fix fix master map type check.
- bz1156387 - autofs /net maps do not refresh list of shares exported on the
NFS server
- fix typo in update_hosts_mounts().
- fix hosts map update on reload.
- bz1160446 - priv escalation via interpreter load path for program based
automount maps
- add a prefix to program map stdvars.
- add config option to force use of program map stdvars.
- bz1175671 - automount segment fault in parse_sun.so for negative parser tests
- fix incorrect check in parse_mount().
- bz1124083 - Autofs stopped mounting /net/hostname/mounts after seeing duplicate
exports in the NFS server
- fix fix map entry duplicate offset detection (dependednt patch).
- handle duplicates in multi mounts.
- Resolves: rhbz#1153130 rhbz#1156387 rhbz#1160446 rhbz#1175671 rhbz#1124083

[5.0.5-110]
- bz1163957 - Autofs unable to mount indirect after attempt to mount wildcard
- make negative cache update consistent for all lookup modules.
- ensure negative cache isn't updated on remount.
- don't add wildcard to negative cache.
- Resolves: rhbz#1163957

Affected Software/OS:
'autofs' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.4

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-8169
73211
http://www.securityfocus.com/bid/73211
RHSA-2015:1344
http://rhn.redhat.com/errata/RHSA-2015-1344.html
USN-2579-1
http://www.ubuntu.com/usn/USN-2579-1
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1192565
https://bugzilla.suse.com/show_bug.cgi?id=917977
openSUSE-SU-2015:0475
http://lists.opensuse.org/opensuse-updates/2015-03/msg00033.html

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123055
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2015-1344)
Resumen:	The remote host is missing an update for the 'autofs' package(s) announced via the ELSA-2015-1344 advisory.
Descripción:	Summary: The remote host is missing an update for the 'autofs' package(s) announced via the ELSA-2015-1344 advisory. Vulnerability Insight: [5.0.5-113.0.1] - add autofs-5.0.5-lookup-mounts.patch [Orabug:12658280] (Bert Barbe) use tcp instead of udp [5.0.5-113] - bz1201195 - autofs: MAPFMT_DEFAULT is not macro in lookup_program.c - fix macro usage in lookup_program.c. - Resolves: rhbz#1201195 [5.0.5-112] - bz1124083 - Autofs stopped mounting /net/hostname/mounts after seeing duplicate exports in the NFS server - fix use after free in patch to handle duplicate in multi mounts. - change log messages to try and make them more sensible. - fix log entry for rev 5.0.5-111 below. - Related: rhbz#1124083 [5.0.5-111] - bz1153130 - autofs-5.0.5-109 with upgrade to RHEL 6.6 no longer recognizes +yp: in auto.master - fix fix master map type check. - bz1156387 - autofs /net maps do not refresh list of shares exported on the NFS server - fix typo in update_hosts_mounts(). - fix hosts map update on reload. - bz1160446 - priv escalation via interpreter load path for program based automount maps - add a prefix to program map stdvars. - add config option to force use of program map stdvars. - bz1175671 - automount segment fault in parse_sun.so for negative parser tests - fix incorrect check in parse_mount(). - bz1124083 - Autofs stopped mounting /net/hostname/mounts after seeing duplicate exports in the NFS server - fix fix map entry duplicate offset detection (dependednt patch). - handle duplicates in multi mounts. - Resolves: rhbz#1153130 rhbz#1156387 rhbz#1160446 rhbz#1175671 rhbz#1124083 [5.0.5-110] - bz1163957 - Autofs unable to mount indirect after attempt to mount wildcard - make negative cache update consistent for all lookup modules. - ensure negative cache isn't updated on remount. - don't add wildcard to negative cache. - Resolves: rhbz#1163957 Affected Software/OS: 'autofs' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8169 73211 http://www.securityfocus.com/bid/73211 RHSA-2015:1344 http://rhn.redhat.com/errata/RHSA-2015-1344.html USN-2579-1 http://www.ubuntu.com/usn/USN-2579-1 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1192565 https://bugzilla.suse.com/show_bug.cgi?id=917977 openSUSE-SU-2015:0475 http://lists.opensuse.org/opensuse-updates/2015-03/msg00033.html
Copyright	Copyright (C) 2015 Greenbone AG