Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2014-1801)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123258

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2014-1801)

Resumen: The remote host is missing an update for the 'shim, shim-signed' package(s) announced via the ELSA-2014-1801 advisory.

Descripción: Summary:
The remote host is missing an update for the 'shim, shim-signed' package(s) announced via the ELSA-2014-1801 advisory.

Vulnerability Insight:
shim
[0.7-8.0.1]
- update Oracle Linux certificates (Alexey Petrenko)
- replace securebootca.cer (Alexey Petrenko)

[0.7-8]
- out-of-bounds memory read flaw in DHCPv6 packet processing
Resolves: CVE-2014-3675
- heap-based buffer overflow flaw in IPv6 address parsing
Resolves: CVE-2014-3676
- memory corruption flaw when processing Machine Owner Keys (MOKs)
Resolves: CVE-2014-3677

[0.7-7]
- Use the right key for ARM Aarch64.

[0.7-6]
- Preliminary build for ARM Aarch64.

shim-signed
[0.7-8.0.1]
- Oracle Linux certificates (Alexey Petrenko)

[0.7-8]
- out-of-bounds memory read flaw in DHCPv6 packet processing
Resolves: CVE-2014-3675
- heap-based buffer overflow flaw in IPv6 address parsing
Resolves: CVE-2014-3676
- memory corruption flaw when processing Machine Owner Keys (MOKs)
Resolves: CVE-2014-3677

[0.7-5.2]
- Get the right signatures on shim-redhat.efi
Related: rhbz#1064449

[0.7-5.1]
- Update for signed shim for RHEL 7
Resolves: rhbz#1064449

Affected Software/OS:
'shim, shim-signed' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-3675
BugTraq ID: 70407
http://www.securityfocus.com/bid/70407
http://www.openwall.com/lists/oss-security/2014/10/13/4
RedHat Security Advisories: RHSA-2014:1801
http://rhn.redhat.com/errata/RHSA-2014-1801.html
XForce ISS Database: shim-cve20143675-dos(96981)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96981
Common Vulnerability Exposure (CVE) ID: CVE-2014-3676
BugTraq ID: 70409
http://www.securityfocus.com/bid/70409
XForce ISS Database: shim-cve20143676-bo(96988)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96988
Common Vulnerability Exposure (CVE) ID: CVE-2014-3677
BugTraq ID: 70410
http://www.securityfocus.com/bid/70410
XForce ISS Database: shim-cve20143677-code-exec(96989)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96989

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123258
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2014-1801)
Resumen:	The remote host is missing an update for the 'shim, shim-signed' package(s) announced via the ELSA-2014-1801 advisory.
Descripción:	Summary: The remote host is missing an update for the 'shim, shim-signed' package(s) announced via the ELSA-2014-1801 advisory. Vulnerability Insight: shim [0.7-8.0.1] - update Oracle Linux certificates (Alexey Petrenko) - replace securebootca.cer (Alexey Petrenko) [0.7-8] - out-of-bounds memory read flaw in DHCPv6 packet processing Resolves: CVE-2014-3675 - heap-based buffer overflow flaw in IPv6 address parsing Resolves: CVE-2014-3676 - memory corruption flaw when processing Machine Owner Keys (MOKs) Resolves: CVE-2014-3677 [0.7-7] - Use the right key for ARM Aarch64. [0.7-6] - Preliminary build for ARM Aarch64. shim-signed [0.7-8.0.1] - Oracle Linux certificates (Alexey Petrenko) [0.7-8] - out-of-bounds memory read flaw in DHCPv6 packet processing Resolves: CVE-2014-3675 - heap-based buffer overflow flaw in IPv6 address parsing Resolves: CVE-2014-3676 - memory corruption flaw when processing Machine Owner Keys (MOKs) Resolves: CVE-2014-3677 [0.7-5.2] - Get the right signatures on shim-redhat.efi Related: rhbz#1064449 [0.7-5.1] - Update for signed shim for RHEL 7 Resolves: rhbz#1064449 Affected Software/OS: 'shim, shim-signed' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3675 BugTraq ID: 70407 http://www.securityfocus.com/bid/70407 http://www.openwall.com/lists/oss-security/2014/10/13/4 RedHat Security Advisories: RHSA-2014:1801 http://rhn.redhat.com/errata/RHSA-2014-1801.html XForce ISS Database: shim-cve20143675-dos(96981) https://exchange.xforce.ibmcloud.com/vulnerabilities/96981 Common Vulnerability Exposure (CVE) ID: CVE-2014-3676 BugTraq ID: 70409 http://www.securityfocus.com/bid/70409 XForce ISS Database: shim-cve20143676-bo(96988) https://exchange.xforce.ibmcloud.com/vulnerabilities/96988 Common Vulnerability Exposure (CVE) ID: CVE-2014-3677 BugTraq ID: 70410 http://www.securityfocus.com/bid/70410 XForce ISS Database: shim-cve20143677-code-exec(96989) https://exchange.xforce.ibmcloud.com/vulnerabilities/96989
Copyright	Copyright (C) 2015 Greenbone AG