Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2014-1245)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123306

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2014-1245)

Resumen: The remote host is missing an update for the 'krb5' package(s) announced via the ELSA-2014-1245 advisory.

Descripción: Summary:
The remote host is missing an update for the 'krb5' package(s) announced via the ELSA-2014-1245 advisory.

Vulnerability Insight:
[1.6.1-78.el5]
- gssapi: pull in upstream fix for a possible NULL dereference in spnego
(CVE-2014-4344, #1121509)

[1.6.1-77.el5]
- fix what appears to be a cosmetic error in the patch for self-tests
for CVE-2014-4341

[1.6.1-76.el5]
- run the backported self-tests, such as they are, for CVE-2014-4341

[1.6.1-75.el5]
- pull in backported fix for denial of service by injection of malformed
GSSAPI tokens (CVE-2014-4341, #1121509)

[1.6.1-74.el5]
- add patch based on one from Filip Krska to not call poll() with a negative
timeout when the caller's intent is for us to just stop calling it (#1089732)

[1.6.1-73.el5]
- incorporate backported upstream patch for remote crash of KDCs which serve
multiple realms simultaneously (RT#7756, CVE-2013-1418/CVE-2013-6800,

[1.6.1-72.el5]
- add part-backported fix to avoid possible use-after-free when encrypting
delegated creds (Jatin Nansi, #1004632)

Affected Software/OS:
'krb5' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-1418
BugTraq ID: 63555
http://www.securityfocus.com/bid/63555
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
SuSE Security Announcement: openSUSE-SU-2013:1738 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00082.html
SuSE Security Announcement: openSUSE-SU-2013:1751 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00086.html
SuSE Security Announcement: openSUSE-SU-2013:1833 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-12/msg00026.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-6800
BugTraq ID: 63770
http://www.securityfocus.com/bid/63770
Common Vulnerability Exposure (CVE) ID: CVE-2014-4341
BugTraq ID: 68909
http://www.securityfocus.com/bid/68909
Debian Security Information: DSA-3000 (Google Search)
http://www.debian.org/security/2014/dsa-3000
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html
http://security.gentoo.org/glsa/glsa-201412-53.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
RedHat Security Advisories: RHSA-2015:0439
http://rhn.redhat.com/errata/RHSA-2015-0439.html
http://www.securitytracker.com/id/1030706
http://secunia.com/advisories/59102
http://secunia.com/advisories/60082
http://secunia.com/advisories/60448
XForce ISS Database: mit-kerberos-cve20144341-dos(94904)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94904
Common Vulnerability Exposure (CVE) ID: CVE-2014-4344
BugTraq ID: 69160
http://www.securityfocus.com/bid/69160
http://www.osvdb.org/109389
http://secunia.com/advisories/61051
XForce ISS Database: kerberos-cve20144344-dos(95210)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95210

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123306
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2014-1245)
Resumen:	The remote host is missing an update for the 'krb5' package(s) announced via the ELSA-2014-1245 advisory.
Descripción:	Summary: The remote host is missing an update for the 'krb5' package(s) announced via the ELSA-2014-1245 advisory. Vulnerability Insight: [1.6.1-78.el5] - gssapi: pull in upstream fix for a possible NULL dereference in spnego (CVE-2014-4344, #1121509) [1.6.1-77.el5] - fix what appears to be a cosmetic error in the patch for self-tests for CVE-2014-4341 [1.6.1-76.el5] - run the backported self-tests, such as they are, for CVE-2014-4341 [1.6.1-75.el5] - pull in backported fix for denial of service by injection of malformed GSSAPI tokens (CVE-2014-4341, #1121509) [1.6.1-74.el5] - add patch based on one from Filip Krska to not call poll() with a negative timeout when the caller's intent is for us to just stop calling it (#1089732) [1.6.1-73.el5] - incorporate backported upstream patch for remote crash of KDCs which serve multiple realms simultaneously (RT#7756, CVE-2013-1418/CVE-2013-6800, [1.6.1-72.el5] - add part-backported fix to avoid possible use-after-free when encrypting delegated creds (Jatin Nansi, #1004632) Affected Software/OS: 'krb5' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1418 BugTraq ID: 63555 http://www.securityfocus.com/bid/63555 https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html SuSE Security Announcement: openSUSE-SU-2013:1738 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-11/msg00082.html SuSE Security Announcement: openSUSE-SU-2013:1751 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-11/msg00086.html SuSE Security Announcement: openSUSE-SU-2013:1833 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00026.html Common Vulnerability Exposure (CVE) ID: CVE-2013-6800 BugTraq ID: 63770 http://www.securityfocus.com/bid/63770 Common Vulnerability Exposure (CVE) ID: CVE-2014-4341 BugTraq ID: 68909 http://www.securityfocus.com/bid/68909 Debian Security Information: DSA-3000 (Google Search) http://www.debian.org/security/2014/dsa-3000 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html http://security.gentoo.org/glsa/glsa-201412-53.xml http://www.mandriva.com/security/advisories?name=MDVSA-2014:165 RedHat Security Advisories: RHSA-2015:0439 http://rhn.redhat.com/errata/RHSA-2015-0439.html http://www.securitytracker.com/id/1030706 http://secunia.com/advisories/59102 http://secunia.com/advisories/60082 http://secunia.com/advisories/60448 XForce ISS Database: mit-kerberos-cve20144341-dos(94904) https://exchange.xforce.ibmcloud.com/vulnerabilities/94904 Common Vulnerability Exposure (CVE) ID: CVE-2014-4344 BugTraq ID: 69160 http://www.securityfocus.com/bid/69160 http://www.osvdb.org/109389 http://secunia.com/advisories/61051 XForce ISS Database: kerberos-cve20144344-dos(95210) https://exchange.xforce.ibmcloud.com/vulnerabilities/95210
Copyright	Copyright (C) 2015 Greenbone AG