ID de Prueba:	1.3.6.1.4.1.25623.1.0.123095
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2015-1137)
Resumen:	The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2015-1137 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2015-1137 advisory. Vulnerability Insight: [3.10.0-229.7.2] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-229.7.2] - [fs] pipe: fix pipe corruption and iovec overrun on partial copy (Seth Jennings) [1202861 1198843] {CVE-2015-1805} [3.10.0-229.7.1] - [scsi] storvsc: get rid of overly verbose warning messages (Vitaly Kuznetsov) [1215770 1206437] - [scsi] storvsc: force discovery of LUNs that may have been removed (Vitaly Kuznetsov) [1215770 1206437] - [scsi] storvsc: in response to a scan event, scan the host (Vitaly Kuznetsov) [1215770 1206437] - [scsi] storvsc: NULL pointer dereference fix (Vitaly Kuznetsov) [1215770 1206437] - [virtio] defer config changed notifications (David Gibson) [1220278 1196009] - [virtio] unify config_changed handling (David Gibson) [1220278 1196009] - [x86] kernel: Remove a bogus 'ret_from_fork' optimization (Mateusz Guzik) [1209234 1209235] {CVE-2015-2830} - [kernel] futex: Mention key referencing differences between shared and private futexes (Larry Woodman) [1219169 1205862] - [kernel] futex: Ensure get_futex_key_refs() always implies a barrier (Larry Woodman) [1219169 1205862] - [scsi] megaraid_sas: revert: Add release date and update driver version (Tomas Henzl) [1216213 1207175] - [kernel] module: set nx before marking module MODULE_STATE_COMING (Hendrik Brueckner) [1214788 1196977] - [kernel] module: Clean up ro/nx after early module load failures (Pratyush Anand) [1214403 1202866] - [drm] radeon: fix kernel segfault in hwmonitor (Jerome Glisse) [1213467 1187817] - [fs] btrfs: make xattr replace operations atomic (Eric Sandeen) [1205086 1205873] - [x86] mm: Linux stack ASLR implementation (Jacob Tanenbaum) [1195684 1195685] {CVE-2015-1593} - [net] netfilter: nf_tables: fix flush ruleset chain dependencies (Jiri Pirko) [1192880 1192881] {CVE-2015-1573} - [fs] isofs: Fix unchecked printing of ER records (Mateusz Guzik) [1180482 1180483] {CVE-2014-9584} - [security] keys: memory corruption or panic during key garbage collection (Jacob Tanenbaum) [1179851 1179852] {CVE-2014-9529} - [fs] isofs: infinite loop in CE record entries (Jacob Tanenbaum) [1175246 1175248] {CVE-2014-9420} [3.10.0-229.6.1] - [net] tcp: abort orphan sockets stalling on zero window probes (Florian Westphal) [1215924 1151756] - [x86] crypto: aesni - fix memory usage in GCM decryption (Kurt Stutsman) [1213331 1212178] {CVE-2015-3331} [3.10.0-229.5.1] - [powerpc] mm: thp: Add tracepoints to track hugepage invalidate (Gustavo Duarte) [1212977 1199016] - [powerpc] mm: Use read barrier when creating real_pte (Gustavo Duarte) [1212977 1199016] - [powerpc] mm: thp: Use ACCESS_ONCE when loading pmdp (Gustavo Duarte) [1212977 1199016] - [powerpc] mm: thp: Invalidate with vpn in loop (Gustavo Duarte) [1212977 1199016] - [powerpc] mm: thp: Handle combo pages in invalidate (Gustavo Duarte) [1212977 1199016] - [powerpc] mm: thp: Invalidate old 64K based hash page mapping before insert of 4k pte (Gustavo Duarte) ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9420 62801 http://secunia.com/advisories/62801 FEDORA-2015-0515 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html FEDORA-2015-0517 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html MDVSA-2015:058 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 RHSA-2015:1081 http://rhn.redhat.com/errata/RHSA-2015-1081.html RHSA-2015:1137 http://rhn.redhat.com/errata/RHSA-2015-1137.html RHSA-2015:1138 http://rhn.redhat.com/errata/RHSA-2015-1138.html SUSE-SU-2015:0178 http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html SUSE-SU-2015:0652 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html SUSE-SU-2015:0736 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html SUSE-SU-2015:0812 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html USN-2490-1 http://www.ubuntu.com/usn/USN-2490-1 USN-2491-1 http://www.ubuntu.com/usn/USN-2491-1 USN-2492-1 http://www.ubuntu.com/usn/USN-2492-1 USN-2493-1 http://www.ubuntu.com/usn/USN-2493-1 USN-2515-1 http://www.ubuntu.com/usn/USN-2515-1 USN-2516-1 http://www.ubuntu.com/usn/USN-2516-1 USN-2517-1 http://www.ubuntu.com/usn/USN-2517-1 USN-2518-1 http://www.ubuntu.com/usn/USN-2518-1 [oss-security] 20141225 Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records http://www.openwall.com/lists/oss-security/2014/12/25/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f54e18f1b831c92f6512d2eedb224cd63d607d3d http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html https://bugzilla.redhat.com/show_bug.cgi?id=1175235 https://github.com/torvalds/linux/commit/f54e18f1b831c92f6512d2eedb224cd63d607d3d https://source.android.com/security/bulletin/2017-01-01.html openSUSE-SU-2015:0714 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9529 BugTraq ID: 71880 http://www.securityfocus.com/bid/71880 Debian Security Information: DSA-3128 (Google Search) http://www.debian.org/security/2015/dsa-3128 http://www.openwall.com/lists/oss-security/2015/01/06/10 RedHat Security Advisories: RHSA-2015:0864 http://rhn.redhat.com/errata/RHSA-2015-0864.html RedHat Security Advisories: RHSA-2015:1137 RedHat Security Advisories: RHSA-2015:1138 http://www.securitytracker.com/id/1036763 SuSE Security Announcement: openSUSE-SU-2015:0714 (Google Search) http://www.ubuntu.com/usn/USN-2511-1 http://www.ubuntu.com/usn/USN-2512-1 http://www.ubuntu.com/usn/USN-2513-1 http://www.ubuntu.com/usn/USN-2514-1 XForce ISS Database: linux-kernel-cve20149529-dos(99641) https://exchange.xforce.ibmcloud.com/vulnerabilities/99641 Common Vulnerability Exposure (CVE) ID: CVE-2014-9584 71883 http://www.securityfocus.com/bid/71883 DSA-3128 RHSA-2015:0864 SUSE-SU-2015:0481 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html SUSE-SU-2015:0529 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html USN-2511-1 USN-2512-1 USN-2513-1 USN-2514-1 [oss-security] 20150109 Re: CVE request Linux kernel: isofs: unchecked printing of ER records http://www.openwall.com/lists/oss-security/2015/01/09/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e2024624e678f0ebb916e6192bd23c1f9fdf696 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2 https://bugzilla.redhat.com/show_bug.cgi?id=1180119 https://github.com/torvalds/linux/commit/4e2024624e678f0ebb916e6192bd23c1f9fdf696 openSUSE-SU-2015:0566 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2015-1573 BugTraq ID: 72552 http://www.securityfocus.com/bid/72552 http://www.openwall.com/lists/oss-security/2015/02/10/13 Common Vulnerability Exposure (CVE) ID: CVE-2015-1593 BugTraq ID: 72607 http://www.securityfocus.com/bid/72607 Debian Security Information: DSA-3170 (Google Search) http://www.debian.org/security/2015/dsa-3170 http://hmarco.org/bugs/linux-ASLR-integer-overflow.html https://lkml.org/lkml/2015/1/7/811 http://www.openwall.com/lists/oss-security/2015/02/13/13 RedHat Security Advisories: RHSA-2015:1221 http://rhn.redhat.com/errata/RHSA-2015-1221.html RedHat Security Advisories: RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3517 SuSE Security Announcement: SUSE-SU-2015:0736 (Google Search) http://www.ubuntu.com/usn/USN-2560-1 http://www.ubuntu.com/usn/USN-2561-1 http://www.ubuntu.com/usn/USN-2562-1 http://www.ubuntu.com/usn/USN-2563-1 http://www.ubuntu.com/usn/USN-2564-1 http://www.ubuntu.com/usn/USN-2565-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-1805 1032454 http://www.securitytracker.com/id/1032454 74951 http://www.securityfocus.com/bid/74951 DSA-3290 http://www.debian.org/security/2015/dsa-3290 RHSA-2015:1042 http://rhn.redhat.com/errata/RHSA-2015-1042.html RHSA-2015:1082 http://rhn.redhat.com/errata/RHSA-2015-1082.html RHSA-2015:1120 http://rhn.redhat.com/errata/RHSA-2015-1120.html RHSA-2015:1190 http://rhn.redhat.com/errata/RHSA-2015-1190.html RHSA-2015:1199 http://rhn.redhat.com/errata/RHSA-2015-1199.html RHSA-2015:1211 http://rhn.redhat.com/errata/RHSA-2015-1211.html SUSE-SU-2015:1224 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html SUSE-SU-2015:1324 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html SUSE-SU-2015:1478 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html SUSE-SU-2015:1487 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html SUSE-SU-2015:1488 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html SUSE-SU-2015:1489 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html SUSE-SU-2015:1490 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html SUSE-SU-2015:1491 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html SUSE-SU-2015:1592 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html SUSE-SU-2015:1611 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html USN-2679-1 http://www.ubuntu.com/usn/USN-2679-1 USN-2680-1 http://www.ubuntu.com/usn/USN-2680-1 USN-2681-1 http://www.ubuntu.com/usn/USN-2681-1 USN-2967-1 http://www.ubuntu.com/usn/USN-2967-1 USN-2967-2 http://www.ubuntu.com/usn/USN-2967-2 [oss-security] 20150606 CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption http://www.openwall.com/lists/oss-security/2015/06/06/2 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045 http://source.android.com/security/bulletin/2016-04-02.html http://source.android.com/security/bulletin/2016-05-01.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1202855 https://github.com/torvalds/linux/commit/637b58c2887e5e57850865839cc75f59184b23d1 https://github.com/torvalds/linux/commit/f0d1bec9d58d4c038d0ac958c9af82be6eb18045 Common Vulnerability Exposure (CVE) ID: CVE-2015-2830 Debian Security Information: DSA-3237 (Google Search) http://www.debian.org/security/2015/dsa-3237 http://www.openwall.com/lists/oss-security/2015/04/02/1 http://www.securitytracker.com/id/1032413 SuSE Security Announcement: SUSE-SU-2015:1478 (Google Search) SuSE Security Announcement: SUSE-SU-2015:1592 (Google Search) SuSE Security Announcement: SUSE-SU-2015:1611 (Google Search) http://www.ubuntu.com/usn/USN-2631-1 http://www.ubuntu.com/usn/USN-2632-1
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.