Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-0416)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123173

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2015-0416)

Resumen: The remote host is missing an update for the '389-ds-base' package(s) announced via the ELSA-2015-0416 advisory.

Descripción: Summary:
The remote host is missing an update for the '389-ds-base' package(s) announced via the ELSA-2015-0416 advisory.

Vulnerability Insight:
[1.3.3.1-13]
- release 1.3.3.1-13
- Resolves: bug 1183655 - Fixed Covscan FORWARD_NULL defects (DS 47988)

[1.3.3.1-12]
- release 1.3.3.1-12
- Resolves: bug 1182477 - Windows Sync accidentally cleared raw_entry (DS 47989)
- Resolves: bug 1180325 - upgrade script fails if /etc and /var are on different file systems (DS 47991 )
- Resolves: bug 1183655 - Schema learning mechanism, in replication, unable to extend an existing definition (DS 47988)

[1.3.3.1-11]
- release 1.3.3.1-11
- Resolves: bug 1080186 - During delete operation do not refresh cache entry if it is a tombstone (DS 47750)

[1.3.3.1-10]
- release 1.3.3.1-10
- Resolves: bug 1172731 - CVE-2014-8112 password hashing bypassed when 'nsslapd-unhashed-pw-switch' is set to off
- Resolves: bug 1166265 - DS hangs during online total update (DS 47942)
- Resolves: bug 1168151 - CVE-2014-8105 information disclosure through 'cn=changelog' subtree
- Resolves: bug 1044170 - Allow memberOf suffixes to be configurable (DS 47526)
- Resolves: bug 1171356 - Bind DN tracking unable to write to internalModifiersName without special permissions (DS 47950)
- Resolves: bug 1153737 - logconv.pl -- support parsing/showing/reporting different protocol versions (DS 47949)
- Resolves: bug 1171355 - start dirsrv after chrony on RHEL7 and Fedora (DS 47947)
- Resolves: bug 1170707 - cos_cache_build_definition_list does not stop during server shutdown (DS 47967)
- Resolves: bug 1170708 - COS memory leak when rebuilding the cache (DS - Ticket 47969)
- Resolves: bug 1170709 - Account lockout attributes incorrectly updated after failed SASL Bind (DS 47970)
- Resolves: bug 1166260 - cookie_change_info returns random negative number if there was no change in a tree (DS 47960)
- Resolves: bug 1012991 - Error log levels not displayed correctly (DS 47636)
- Resolves: bug 1108881 - rsearch filter error on any search filter (DS 47722)
- Resolves: bug 994690 - Allow dynamically adding/enabling/disabling/removing plugins without requiring a server restart (DS 47451)
- Resolves: bug 1162997 - Running a plugin task can crash the server (DS 47451)
- Resolves: bug 1166252 - RHEL7.1 ns-slapd segfault when ipa-replica-install restarts (DS 47451)
- Resolves: bug 1172597 - Crash if setting invalid plugin config area for MemberOf Plugin (DS 47525)
- Resolves: bug 1139882 - coverity defects found in 1.3.3.x (DS 47965)

[1.3.3.1-9]
- release 1.3.3.1-9
- Resolves: bug 1153737 - Disable SSL v3, by default. (DS 47928)
- Resolves: bug 1163461 - Should not check aci syntax when deleting an aci (DS 47953)

[1.3.3.1-8]
- release 1.3.3.1-8
- Resolves: bug 1156607 - Crash in entry_add_present_values_wsi_multi_valued (DS 47937)
- Resolves: bug 1153737 - Disable SSL v3, by default (DS 47928, DS 47945, DS 47948)
- Resolves: bug 1158804 - Malformed cookie for LDAP Sync makes DS crash (DS 47939)

[1.3.3.1-7]
- release 1.3.3.1-7
- Resolves: bug 1153737 - Disable SSL v3, by default ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'389-ds-base' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-8105
FEDORA-2015-3368
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html
RHSA-2015:0416
http://rhn.redhat.com/errata/RHSA-2015-0416.html
RHSA-2015:0628
http://rhn.redhat.com/errata/RHSA-2015-0628.html
http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html
http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-8112
https://bugzilla.redhat.com/show_bug.cgi?id=1172729

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123173
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2015-0416)
Resumen:	The remote host is missing an update for the '389-ds-base' package(s) announced via the ELSA-2015-0416 advisory.
Descripción:	Summary: The remote host is missing an update for the '389-ds-base' package(s) announced via the ELSA-2015-0416 advisory. Vulnerability Insight: [1.3.3.1-13] - release 1.3.3.1-13 - Resolves: bug 1183655 - Fixed Covscan FORWARD_NULL defects (DS 47988) [1.3.3.1-12] - release 1.3.3.1-12 - Resolves: bug 1182477 - Windows Sync accidentally cleared raw_entry (DS 47989) - Resolves: bug 1180325 - upgrade script fails if /etc and /var are on different file systems (DS 47991 ) - Resolves: bug 1183655 - Schema learning mechanism, in replication, unable to extend an existing definition (DS 47988) [1.3.3.1-11] - release 1.3.3.1-11 - Resolves: bug 1080186 - During delete operation do not refresh cache entry if it is a tombstone (DS 47750) [1.3.3.1-10] - release 1.3.3.1-10 - Resolves: bug 1172731 - CVE-2014-8112 password hashing bypassed when 'nsslapd-unhashed-pw-switch' is set to off - Resolves: bug 1166265 - DS hangs during online total update (DS 47942) - Resolves: bug 1168151 - CVE-2014-8105 information disclosure through 'cn=changelog' subtree - Resolves: bug 1044170 - Allow memberOf suffixes to be configurable (DS 47526) - Resolves: bug 1171356 - Bind DN tracking unable to write to internalModifiersName without special permissions (DS 47950) - Resolves: bug 1153737 - logconv.pl -- support parsing/showing/reporting different protocol versions (DS 47949) - Resolves: bug 1171355 - start dirsrv after chrony on RHEL7 and Fedora (DS 47947) - Resolves: bug 1170707 - cos_cache_build_definition_list does not stop during server shutdown (DS 47967) - Resolves: bug 1170708 - COS memory leak when rebuilding the cache (DS - Ticket 47969) - Resolves: bug 1170709 - Account lockout attributes incorrectly updated after failed SASL Bind (DS 47970) - Resolves: bug 1166260 - cookie_change_info returns random negative number if there was no change in a tree (DS 47960) - Resolves: bug 1012991 - Error log levels not displayed correctly (DS 47636) - Resolves: bug 1108881 - rsearch filter error on any search filter (DS 47722) - Resolves: bug 994690 - Allow dynamically adding/enabling/disabling/removing plugins without requiring a server restart (DS 47451) - Resolves: bug 1162997 - Running a plugin task can crash the server (DS 47451) - Resolves: bug 1166252 - RHEL7.1 ns-slapd segfault when ipa-replica-install restarts (DS 47451) - Resolves: bug 1172597 - Crash if setting invalid plugin config area for MemberOf Plugin (DS 47525) - Resolves: bug 1139882 - coverity defects found in 1.3.3.x (DS 47965) [1.3.3.1-9] - release 1.3.3.1-9 - Resolves: bug 1153737 - Disable SSL v3, by default. (DS 47928) - Resolves: bug 1163461 - Should not check aci syntax when deleting an aci (DS 47953) [1.3.3.1-8] - release 1.3.3.1-8 - Resolves: bug 1156607 - Crash in entry_add_present_values_wsi_multi_valued (DS 47937) - Resolves: bug 1153737 - Disable SSL v3, by default (DS 47928, DS 47945, DS 47948) - Resolves: bug 1158804 - Malformed cookie for LDAP Sync makes DS crash (DS 47939) [1.3.3.1-7] - release 1.3.3.1-7 - Resolves: bug 1153737 - Disable SSL v3, by default ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: '389-ds-base' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8105 FEDORA-2015-3368 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html RHSA-2015:0416 http://rhn.redhat.com/errata/RHSA-2015-0416.html RHSA-2015:0628 http://rhn.redhat.com/errata/RHSA-2015-0628.html http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html Common Vulnerability Exposure (CVE) ID: CVE-2014-8112 https://bugzilla.redhat.com/show_bug.cgi?id=1172729
Copyright	Copyright (C) 2015 Greenbone AG