ID de Prueba:	1.3.6.1.4.1.25623.1.0.123129
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2015-0864)
Resumen:	The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2015-0864 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2015-0864 advisory. Vulnerability Insight: [2.6.32-504.16.2] - [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159} [2.6.32-504.16.1] - [fs] gfs2: Move gfs2_file_splice_write outside of #ifdef (Robert S Peterson) [1198329 1193559] - [security] keys: close race between key lookup and freeing (Radomir Vrbovsky) [1179849 1179850] {CVE-2014-9529} - [net] sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [1196587 1135425] {CVE-2015-1421} - [fs] gfs2: Allocate reservation during splice_write (Robert S Peterson) [1198329 1193559] - [fs] nfs: Be less aggressive about returning delegations for open files (Steve Dickson) [1196314 1145334] - [fs] nfs: Avoid PUTROOTFH when managing leases (Benjamin Coddington) [1196313 1143013] - [crypto] testmgr: mark rfc4106(gcm(aes)) as fips_allowed (Jarod Wilson) [1194983 1185395] - [crypto] Extending the RFC4106 AES-GCM test vectors (Jarod Wilson) [1194983 1185395] - [char] raw: Return short read or 0 at end of a raw device, not EIO (Jeff Moyer) [1195747 1142314] - [scsi] hpsa: Use local workqueues instead of system workqueues - part1 (Tomas Henzl) [1193639 1134115] - [x86] kvm: vmx: invalid host cr4 handling across vm entries (Jacob Tanenbaum) [1153326 1153327] {CVE-2014-3690} - [fs] isofs: Fix unchecked printing of ER records (Radomir Vrbovsky) [1180481 1180492] {CVE-2014-9584} - [fs] bio: fix argument of __bio_add_page() for max_sectors > 0xffff (Fam Zheng) [1198428 1166763] - [media] ttusb-dec: buffer overflow in ioctl (Alexander Gordeev) [1170971 1167115] {CVE-2014-8884} - [kernel] trace: insufficient syscall number validation in perf and ftrace subsystems (Jacob Tanenbaum) [1161567 1161568] {CVE-2014-7826 CVE-2014-7825} - [fs] nfs: Fix a delegation callback race (Dave Wysochanski) [1187639 1149831] - [fs] nfs: Don't use the delegation->inode in nfs_mark_return_delegation() (Dave Wysochanski) [1187639 1149831] - [infiniband] ipoib: don't queue a work struct up twice (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: make sure we reap all our ah on shutdown (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: cleanup a couple debug messages (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: flush the ipoib_workqueue on unregister (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: fix ipoib_mcast_restart_task (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: fix race between mcast_dev_flush and mcast_join (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: remove unneeded locks (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: don't restart our thread on ENETRESET (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: Handle -ENETRESET properly in our callback (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3215 BugTraq ID: 67341 http://www.securityfocus.com/bid/67341 http://www.mandriva.com/security/advisories?name=MDVSA-2015:156 http://openwall.com/lists/oss-security/2014/04/29/7 http://openwall.com/lists/oss-security/2014/04/30/4 http://openwall.com/lists/oss-security/2014/05/08/1 RedHat Security Advisories: RHSA-2015:0864 http://rhn.redhat.com/errata/RHSA-2015-0864.html http://secunia.com/advisories/59007 SuSE Security Announcement: openSUSE-SU-2014:0749 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-06/msg00008.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3690 60174 http://secunia.com/advisories/60174 70691 http://www.securityfocus.com/bid/70691 DSA-3060 http://www.debian.org/security/2014/dsa-3060 MDVSA-2015:058 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 RHSA-2015:0290 http://rhn.redhat.com/errata/RHSA-2015-0290.html RHSA-2015:0782 http://rhn.redhat.com/errata/RHSA-2015-0782.html RHSA-2015:0864 SUSE-SU-2015:0178 http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html SUSE-SU-2015:0481 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html SUSE-SU-2015:0736 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html USN-2417-1 http://www.ubuntu.com/usn/USN-2417-1 USN-2418-1 http://www.ubuntu.com/usn/USN-2418-1 USN-2419-1 http://www.ubuntu.com/usn/USN-2419-1 USN-2420-1 http://www.ubuntu.com/usn/USN-2420-1 USN-2421-1 http://www.ubuntu.com/usn/USN-2421-1 [oss-security] 20141021 CVE-2014-3690: KVM DoS triggerable by malicious host userspace http://www.openwall.com/lists/oss-security/2014/10/21/4 [oss-security] 20141029 Re: CVE-2014-3690: KVM DoS triggerable by malicious host userspace http://www.openwall.com/lists/oss-security/2014/10/29/7 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d974baa398f34393db76be45f7d4d04fbdbb4a0a http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.2 https://bugzilla.redhat.com/show_bug.cgi?id=1153322 https://github.com/torvalds/linux/commit/d974baa398f34393db76be45f7d4d04fbdbb4a0a openSUSE-SU-2015:0566 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2014-7825 70972 http://www.securityfocus.com/bid/70972 RHSA-2014:1943 http://rhn.redhat.com/errata/RHSA-2014-1943.html [oss-security] 20141106 Exploitable issues in Linux perf/ftrace subsystems http://www.openwall.com/lists/oss-security/2014/11/06/11 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=086ba77a6db00ed858ff07451bedee197df868c9 https://bugzilla.redhat.com/show_bug.cgi?id=1161565 https://github.com/torvalds/linux/commit/086ba77a6db00ed858ff07451bedee197df868c9 linux-kernel-cve20147825-dos(98557) https://exchange.xforce.ibmcloud.com/vulnerabilities/98557 Common Vulnerability Exposure (CVE) ID: CVE-2014-7826 70971 http://www.securityfocus.com/bid/70971 linux-kernel-cve20147826-dos(98556) https://exchange.xforce.ibmcloud.com/vulnerabilities/98556 Common Vulnerability Exposure (CVE) ID: CVE-2014-8171 74293 http://www.securityfocus.com/bid/74293 RHSA-2015:2152 http://rhn.redhat.com/errata/RHSA-2015-2152.html RHSA-2015:2411 http://rhn.redhat.com/errata/RHSA-2015-2411.html RHSA-2016:0068 http://rhn.redhat.com/errata/RHSA-2016-0068.html https://bugzilla.redhat.com/show_bug.cgi?id=1198109 Common Vulnerability Exposure (CVE) ID: CVE-2014-8884 Debian Security Information: DSA-3093 (Google Search) http://www.debian.org/security/2014/dsa-3093 http://www.openwall.com/lists/oss-security/2014/11/14/7 RedHat Security Advisories: RHSA-2015:0290 RedHat Security Advisories: RHSA-2015:0782 http://secunia.com/advisories/62305 Common Vulnerability Exposure (CVE) ID: CVE-2014-9529 BugTraq ID: 71880 http://www.securityfocus.com/bid/71880 Debian Security Information: DSA-3128 (Google Search) http://www.debian.org/security/2015/dsa-3128 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html http://www.openwall.com/lists/oss-security/2015/01/06/10 RedHat Security Advisories: RHSA-2015:1137 http://rhn.redhat.com/errata/RHSA-2015-1137.html RedHat Security Advisories: RHSA-2015:1138 http://rhn.redhat.com/errata/RHSA-2015-1138.html http://www.securitytracker.com/id/1036763 SuSE Security Announcement: openSUSE-SU-2015:0714 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://www.ubuntu.com/usn/USN-2511-1 http://www.ubuntu.com/usn/USN-2512-1 http://www.ubuntu.com/usn/USN-2513-1 http://www.ubuntu.com/usn/USN-2514-1 http://www.ubuntu.com/usn/USN-2515-1 http://www.ubuntu.com/usn/USN-2516-1 http://www.ubuntu.com/usn/USN-2517-1 http://www.ubuntu.com/usn/USN-2518-1 XForce ISS Database: linux-kernel-cve20149529-dos(99641) https://exchange.xforce.ibmcloud.com/vulnerabilities/99641 Common Vulnerability Exposure (CVE) ID: CVE-2014-9584 71883 http://www.securityfocus.com/bid/71883 DSA-3128 RHSA-2015:1137 RHSA-2015:1138 SUSE-SU-2015:0529 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html SUSE-SU-2015:0652 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html SUSE-SU-2015:0812 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html USN-2511-1 USN-2512-1 USN-2513-1 USN-2514-1 USN-2515-1 USN-2516-1 USN-2517-1 USN-2518-1 [oss-security] 20150109 Re: CVE request Linux kernel: isofs: unchecked printing of ER records http://www.openwall.com/lists/oss-security/2015/01/09/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e2024624e678f0ebb916e6192bd23c1f9fdf696 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html https://bugzilla.redhat.com/show_bug.cgi?id=1180119 https://github.com/torvalds/linux/commit/4e2024624e678f0ebb916e6192bd23c1f9fdf696 openSUSE-SU-2015:0714 Common Vulnerability Exposure (CVE) ID: CVE-2015-1421 BugTraq ID: 72356 http://www.securityfocus.com/bid/72356 Debian Security Information: DSA-3170 (Google Search) http://www.debian.org/security/2015/dsa-3170 http://www.openwall.com/lists/oss-security/2015/01/29/15 RedHat Security Advisories: RHSA-2015:0726 http://rhn.redhat.com/errata/RHSA-2015-0726.html RedHat Security Advisories: RHSA-2015:0751 http://rhn.redhat.com/errata/RHSA-2015-0751.html RedHat Security Advisories: RHSA-2015:1082 http://rhn.redhat.com/errata/RHSA-2015-1082.html http://www.securitytracker.com/id/1032172 SuSE Security Announcement: SUSE-SU-2015:0832 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00001.html SuSE Security Announcement: SUSE-SU-2015:1478 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://www.ubuntu.com/usn/USN-2541-1 http://www.ubuntu.com/usn/USN-2542-1 http://www.ubuntu.com/usn/USN-2545-1 http://www.ubuntu.com/usn/USN-2546-1 http://www.ubuntu.com/usn/USN-2562-1 http://www.ubuntu.com/usn/USN-2563-1
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.