ID de Prueba:	1.3.6.1.4.1.25623.1.0.123194
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2015-0102)
Resumen:	The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2015-0102 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2015-0102 advisory. Vulnerability Insight: [3.10.0-123.20.1] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-123.20.1] - [fs] seq_file: don't include mm.h in genksyms calculation (Ian Kent) [1184152 1183280] [3.10.0-123.19.1] - [mm] shmem: fix splicing from a hole while it's punched (Denys Vlasenko) [1118244 1118245] {CVE-2014-4171} - [mm] shmem: fix faulting into a hole, not taking i_mutex (Denys Vlasenko) [1118244 1118245] {CVE-2014-4171} - [mm] shmem: fix faulting into a hole while it's punched (Denys Vlasenko) [118244 1118245] {CVE-2014-4171} - [x86] traps: stop using IST for #SS (Petr Matousek) [1172812 1172813] {CVE-2014-9322} - [net] vxlan: fix incorrect initializer in union vxlan_addr (Daniel Borkmann) [1156611 1130643] - [net] vxlan: fix crash when interface is created with no group (Daniel Borkmann) [1156611 1130643] - [net] vxlan: fix nonfunctional neigh_reduce() (Daniel Borkmann) [1156611 1130643] - [net] vxlan: fix potential NULL dereference in arp_reduce() (Daniel Borkmann) [1156611 1130643] - [net] vxlan: remove unused port variable in vxlan_udp_encap_recv() (Daniel Borkmann) [1156611 1130643] - [net] vxlan: remove extra newline after function definition (Daniel Borkmann) [1156611 1130643] - [net] etherdevice: Use ether_addr_copy to copy an Ethernet address (Stefan Assmann) [1156611 1091126] - [fs] splice: perform generic write checks (Eric Sandeen) [1163799 1155907] {CVE-2014-7822} - [fs] eliminate BUG() call when there's an unexpected lock on file close (Frank Sorenson) [1172266 1148130] - [net] sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [1163094 1154002] {CVE-2014-7841} - [fs] lockd: Try to reconnect if statd has moved (Benjamin Coddington) [1150889 1120850] - [fs] sunrpc: Don't wake tasks during connection abort (Benjamin Coddington) [1150889 1120850] - [fs] cifs: NULL pointer dereference in SMB2_tcon (Jacob Tanenbaum) [1147528 1147529] {CVE-2014-7145} - [net] ipv6: addrconf: implement address generation modes (Jiri Pirko) [1144876 1107369] - [net] gre: add link local route when local addr is any (Jiri Pirko) [1144876 1107369] - [net] gre6: don't try to add the same route two times (Jiri Pirko) [1144876 1107369] - [fs] isofs: unbound recursion when processing relocated directories (Jacob Tanenbaum) [1142270 1142271] {CVE-2014-5471 CVE-2014-5472} - [fs] fs: seq_file: fallback to vmalloc allocation (Ian Kent) [1140302 1095623] - [fs] fs: /proc/stat: convert to single_open_size() (Ian Kent) [1140302 1095623] - [fs] fs: seq_file: always clear m->count when we free m->buf (Ian Kent) [1140302 1095623] [3.10.0-123.18.1] - [net] ipv6: fib: fix fib dump restart (Panu Matilainen) [1172795 1163605] - [net] ipv6: drop unused fib6_clean_all_ro() function and rt6_proc_arg struct (Panu Matilainen) [1172795 1163605] - [net] ipv6: avoid high order memory allocations for /proc/net/ipv6_route (Panu Matilainen) [1172795 1163605] - [mm] numa: Remove ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4171 BugTraq ID: 68157 http://www.securityfocus.com/bid/68157 http://marc.info/?l=linux-mm-commits&m=140303745420549&w=2 http://www.openwall.com/lists/oss-security/2014/06/18/11 RedHat Security Advisories: RHSA-2014:1318 http://rhn.redhat.com/errata/RHSA-2014-1318.html RedHat Security Advisories: RHSA-2015:0102 http://rhn.redhat.com/errata/RHSA-2015-0102.html http://www.securitytracker.com/id/1030450 http://secunia.com/advisories/59777 http://secunia.com/advisories/60564 SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://www.ubuntu.com/usn/USN-2334-1 http://www.ubuntu.com/usn/USN-2335-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-5471 BugTraq ID: 69396 http://www.securityfocus.com/bid/69396 HPdes Security Advisory: HPSBGN03282 http://marc.info/?l=bugtraq&m=142722544401658&w=2 HPdes Security Advisory: HPSBGN03285 http://marc.info/?l=bugtraq&m=142722450701342&w=2 https://code.google.com/p/google-security-research/issues/detail?id=88 http://seclists.org/oss-sec/2014/q3/450 http://www.openwall.com/lists/oss-security/2014/08/27/1 RedHat Security Advisories: RHSA-2015:0695 http://rhn.redhat.com/errata/RHSA-2015-0695.html RedHat Security Advisories: RHSA-2015:0782 http://rhn.redhat.com/errata/RHSA-2015-0782.html RedHat Security Advisories: RHSA-2015:0803 http://rhn.redhat.com/errata/RHSA-2015-0803.html SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://www.ubuntu.com/usn/USN-2354-1 http://www.ubuntu.com/usn/USN-2355-1 http://www.ubuntu.com/usn/USN-2356-1 http://www.ubuntu.com/usn/USN-2357-1 http://www.ubuntu.com/usn/USN-2358-1 http://www.ubuntu.com/usn/USN-2359-1 XForce ISS Database: linux-kernel-isofs-bo(95481) https://exchange.xforce.ibmcloud.com/vulnerabilities/95481 Common Vulnerability Exposure (CVE) ID: CVE-2014-5472 BugTraq ID: 69428 http://www.securityfocus.com/bid/69428 XForce ISS Database: linux-kernel-cve20145472-dos(95556) https://exchange.xforce.ibmcloud.com/vulnerabilities/95556 Common Vulnerability Exposure (CVE) ID: CVE-2014-7145 BugTraq ID: 69867 http://www.securityfocus.com/bid/69867 http://www.openwall.com/lists/oss-security/2014/09/22/4 http://www.ubuntu.com/usn/USN-2394-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-7822 117810 http://www.osvdb.org/117810 36743 https://www.exploit-db.com/exploits/36743/ 72347 http://www.securityfocus.com/bid/72347 DSA-3170 http://www.debian.org/security/2015/dsa-3170 RHSA-2015:0102 RHSA-2015:0164 http://rhn.redhat.com/errata/RHSA-2015-0164.html RHSA-2015:0674 http://rhn.redhat.com/errata/RHSA-2015-0674.html RHSA-2015:0694 http://rhn.redhat.com/errata/RHSA-2015-0694.html SUSE-SU-2015:0529 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html SUSE-SU-2015:0736 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html SUSE-SU-2015:1488 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html SUSE-SU-2015:1489 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html USN-2541-1 http://www.ubuntu.com/usn/USN-2541-1 USN-2542-1 http://www.ubuntu.com/usn/USN-2542-1 USN-2543-1 http://www.ubuntu.com/usn/USN-2543-1 USN-2544-1 http://www.ubuntu.com/usn/USN-2544-1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0207652cbe27d1f962050737848e5ad4671958 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1163792 https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958 openSUSE-SU-2015:0714 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html Common Vulnerability Exposure (CVE) ID: CVE-2014-7841 62305 http://secunia.com/advisories/62305 62597 http://secunia.com/advisories/62597 62735 http://secunia.com/advisories/62735 71081 http://www.securityfocus.com/bid/71081 DSA-3093 http://www.debian.org/security/2014/dsa-3093 RHSA-2015:0087 http://rhn.redhat.com/errata/RHSA-2015-0087.html RHSA-2015:0284 http://rhn.redhat.com/errata/RHSA-2015-0284.html RHSA-2015:0285 http://rhn.redhat.com/errata/RHSA-2015-0285.html RHSA-2015:0695 SUSE-SU-2015:0481 SUSE-SU-2015:0652 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html [oss-security] 20141113 CVE-2014-7841 Linux kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet http://www.openwall.com/lists/oss-security/2014/11/13/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40607cbe270a9e8360907cb1e62ddf0736e4864 http://linux.oracle.com/errata/ELSA-2015-3004.html http://linux.oracle.com/errata/ELSA-2015-3005.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4 https://bugzilla.redhat.com/show_bug.cgi?id=1163087 https://github.com/torvalds/linux/commit/e40607cbe270a9e8360907cb1e62ddf0736e4864 https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html openSUSE-SU-2015:0566
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.