Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-1462)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123061

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2015-1462)

Resumen: The remote host is missing an update for the 'ipa' package(s) announced via the ELSA-2015-1462 advisory.

Descripción: Summary:
The remote host is missing an update for the 'ipa' package(s) announced via the ELSA-2015-1462 advisory.

Vulnerability Insight:
[3.0.0-47.el6]
- Resolves: #1220788 - Some IPA schema files are not RFC 4512 compliant

[3.0.0-46.el6]
- Use tls version range in NSSHTTPS initialization
- Resolves: #1154687 - POODLE: force using safe ciphers (non-SSLv3) in IPA
client and server
- Resolves: #1012224 - host certificate not issued to client during
ipa-client-install

[3.0.0-45.el6]
- Resolves: #1205660 - ipa-client rpm should require keyutils

[3.0.0-44.el6]
- Release 3.0.0-44
- Resolves: #1201454 - ipa breaks sshd config

[3.0.0-43.el6]
- Release 3.0.0-43
- Resolves: #1191040 - ipa-client-automount: failing with error LDAP server
returned UNWILLING_TO_PERFORM. This likely means that
minssf is enabled.
- Resolves: #1185207 - ipa-client don't end new line character in
/etc/nsswitch.conf
- Resolves: #1166241 - CVE-2010-5312 CVE-2012-6662 ipa: various flaws
- Resolves: #1161722 - IDM client registration failure in a high load
environment
- Resolves: #1154687 - POODLE: force using safe ciphers (non-SSLv3) in IPA
client and server
- Resolves: #1146870 - ipa-client-install fails with 'KerbTransport instance
has no attribute '__conn'' traceback
- Resolves: #1132261 - ipa-client-install failing produces a traceback
instead of useful error message
- Resolves: #1131571 - Do not allow IdM server/replica/client installation
in a FIPS-140 mode
- Resolves: #1198160 - /usr/sbin/ipa-server-install --uninstall does not
clean /var/lib/ipa/pki-ca
- Resolves: #1198339 - ipa-client-install adds extra sss to sudoers in
nsswitch.conf
- Require: 389-ds-base >= 1.2.11.15-51
- Require: mod_nss >= 1.0.10
- Require: pki-ca >= 9.0.3-40
- Require: python-nss >= 0.16

Affected Software/OS:
'ipa' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-5312
1037035
http://www.securitytracker.com/id/1037035
71106
http://www.securityfocus.com/bid/71106
DSA-3249
http://www.debian.org/security/2015/dsa-3249
FEDORA-2022-9d655503ea
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
FEDORA-2022-bf18450366
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
RHSA-2015:0442
http://rhn.redhat.com/errata/RHSA-2015-0442.html
RHSA-2015:1462
http://rhn.redhat.com/errata/RHSA-2015-1462.html
[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update
https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
[oss-security] 20141114 Re: old CVE assignments for JQuery 1.10.0
http://seclists.org/oss-sec/2014/q4/616
[oss-security] 20141114 old CVE assignments for JQuery 1.10.0
http://seclists.org/oss-sec/2014/q4/613
http://bugs.jqueryui.com/ticket/6016
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
https://security.netapp.com/advisory/ntap-20190416-0007/
https://www.drupal.org/sa-core-2022-002
jqueryui-cve20105312-xss(98696)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98696
Common Vulnerability Exposure (CVE) ID: CVE-2012-6662
BugTraq ID: 71107
http://www.securityfocus.com/bid/71107
https://github.com/jquery/jquery/issues/2432
RedHat Security Advisories: RHSA-2015:0442
RedHat Security Advisories: RHSA-2015:1462
XForce ISS Database: jqueryui-cve20126662-xss(98697)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98697

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123061
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2015-1462)
Resumen:	The remote host is missing an update for the 'ipa' package(s) announced via the ELSA-2015-1462 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ipa' package(s) announced via the ELSA-2015-1462 advisory. Vulnerability Insight: [3.0.0-47.el6] - Resolves: #1220788 - Some IPA schema files are not RFC 4512 compliant [3.0.0-46.el6] - Use tls version range in NSSHTTPS initialization - Resolves: #1154687 - POODLE: force using safe ciphers (non-SSLv3) in IPA client and server - Resolves: #1012224 - host certificate not issued to client during ipa-client-install [3.0.0-45.el6] - Resolves: #1205660 - ipa-client rpm should require keyutils [3.0.0-44.el6] - Release 3.0.0-44 - Resolves: #1201454 - ipa breaks sshd config [3.0.0-43.el6] - Release 3.0.0-43 - Resolves: #1191040 - ipa-client-automount: failing with error LDAP server returned UNWILLING_TO_PERFORM. This likely means that minssf is enabled. - Resolves: #1185207 - ipa-client don't end new line character in /etc/nsswitch.conf - Resolves: #1166241 - CVE-2010-5312 CVE-2012-6662 ipa: various flaws - Resolves: #1161722 - IDM client registration failure in a high load environment - Resolves: #1154687 - POODLE: force using safe ciphers (non-SSLv3) in IPA client and server - Resolves: #1146870 - ipa-client-install fails with 'KerbTransport instance has no attribute '__conn'' traceback - Resolves: #1132261 - ipa-client-install failing produces a traceback instead of useful error message - Resolves: #1131571 - Do not allow IdM server/replica/client installation in a FIPS-140 mode - Resolves: #1198160 - /usr/sbin/ipa-server-install --uninstall does not clean /var/lib/ipa/pki-ca - Resolves: #1198339 - ipa-client-install adds extra sss to sudoers in nsswitch.conf - Require: 389-ds-base >= 1.2.11.15-51 - Require: mod_nss >= 1.0.10 - Require: pki-ca >= 9.0.3-40 - Require: python-nss >= 0.16 Affected Software/OS: 'ipa' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-5312 1037035 http://www.securitytracker.com/id/1037035 71106 http://www.securityfocus.com/bid/71106 DSA-3249 http://www.debian.org/security/2015/dsa-3249 FEDORA-2022-9d655503ea https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/ FEDORA-2022-bf18450366 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/ RHSA-2015:0442 http://rhn.redhat.com/errata/RHSA-2015-0442.html RHSA-2015:1462 http://rhn.redhat.com/errata/RHSA-2015-1462.html [debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E [oss-security] 20141114 Re: old CVE assignments for JQuery 1.10.0 http://seclists.org/oss-sec/2014/q4/616 [oss-security] 20141114 old CVE assignments for JQuery 1.10.0 http://seclists.org/oss-sec/2014/q4/613 http://bugs.jqueryui.com/ticket/6016 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3 https://security.netapp.com/advisory/ntap-20190416-0007/ https://www.drupal.org/sa-core-2022-002 jqueryui-cve20105312-xss(98696) https://exchange.xforce.ibmcloud.com/vulnerabilities/98696 Common Vulnerability Exposure (CVE) ID: CVE-2012-6662 BugTraq ID: 71107 http://www.securityfocus.com/bid/71107 https://github.com/jquery/jquery/issues/2432 RedHat Security Advisories: RHSA-2015:0442 RedHat Security Advisories: RHSA-2015:1462 XForce ISS Database: jqueryui-cve20126662-xss(98697) https://exchange.xforce.ibmcloud.com/vulnerabilities/98697
Copyright	Copyright (C) 2015 Greenbone AG