ID de Prueba:	1.3.6.1.4.1.25623.1.0.123317
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2014-1167)
Resumen:	The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2014-1167 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2014-1167 advisory. Vulnerability Insight: [2.6.32-431.29.2] - [kernel] futex: Fix errors in nested key ref-counting (Denys Vlasenko) [1094457 1094458] {CVE-2014-0205} - [net] vxlan: fix NULL pointer dereference (Jiri Benc) [1114549 1096351] {CVE-2014-3535} [2.6.32-431.29.1] - [mm] hugetlb: ensure hugepage access is denied if hugepages are not supported (Gustavo Duarte) [1118782 1086450] - [security] keys: Increase root_maxkeys and root_maxbytes sizes (Steve Dickson) [1115542 1113607] - [fs] lockd: Ensure that nlmclnt_block resets block->b_status after a server reboot (Steve Dickson) [1110180 959006] - [net] filter: add vlan tag access (Jiri Benc) [1108526 1082097] - [net] filter: add XOR operation (Jiri Benc) [1108526 1082097] - [net] filter: add SKF_AD_RXHASH and SKF_AD_CPU (Jiri Benc) [1108526 1082097] - [net] filter: Socket filter ancillary data access for skb->dev->type (Jiri Benc) [1108526 1082097] - [net] filter: Add SKF_AD_QUEUE instruction (Jiri Benc) [1108526 1082097] - [net] filter: ingress socket filter by mark (Jiri Benc) [1108526 1082097] - [netdrv] bonding: look for bridge IPs in arp monitoring (Veaceslav Falico) [1102794 704190] - [s390] af_iucv: wrong mapping of sent and confirmed skbs (Hendrik Brueckner) [1112390 1102248] - [s390] af_iucv: recvmsg problem for SOCK_STREAM sockets (Hendrik Brueckner) [1112390 1102248] - [s390] af_iucv: fix recvmsg by replacing skb_pull() function (Hendrik Brueckner) [1112390 1102248] - [s390] kernel: avoid page table walk on user space access (Hendrik Brueckner) [1111194 1099146] - [s390] qeth: postpone freeing of qdio memory (Hendrik Brueckner) [1112134 1094379] - [s390] qeth: Fix retry logic in hardsetup (Hendrik Brueckner) [1112134 1094379] - [s390] qeth: Recognize return codes of ccw_device_set_online (Hendrik Brueckner) [1112134 1094379] - [s390] qdio: remove API wrappers (Hendrik Brueckner) [1112134 1094379] - [scsi] Ensure medium access timeout counter resets (David Jeffery) [1117153 1036884] - [scsi] Fix error handling when no ULD is attached (David Jeffery) [1117153 1036884] - [scsi] Handle disk devices which can not process medium access commands (David Jeffery) [1117153 1036884] - [fs] nfs: Fix calls to drop_nlink() (Steve Dickson) [1099607 1093819] - [mm] swap: do not skip lowest_bit in scan_swap_map() scan loop (Rafael Aquini) [1099728 1060886] - [mm] swap: fix shmem swapping when more than 8 areas (Rafael Aquini) [1099728 1060886] - [mm] swap: fix swapon size off-by-one (Rafael Aquini) [1099728 1060886] - [md] avoid deadlock when dirty buffers during md_stop (Jes Sorensen) [1121541 994724] - [x86] hyperv: bypass the timer_irq_works() check (Jason Wang) [1112226 1040349] [2.6.32-431.28.1] - [kernel] auditsc: audit_krule mask accesses need bounds checking (Denys Vlasenko) [1102704 1102705] {CVE-2014-3917} - [net] ipv4: fix route cache rebuilds (Jiri Pirko) [1113824 1111631] - [fs] nfsd: notify_change needs elevated write count (Mateusz Guzik) ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0205 RHSA-2014:1365 http://rhn.redhat.com/errata/RHSA-2014-1365.html RHSA-2014:1763 http://rhn.redhat.com/errata/RHSA-2014-1763.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ada876a8703f23befbb20a7465a702ee39b1704 http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.37 https://bugzilla.redhat.com/show_bug.cgi?id=1094455 https://github.com/torvalds/linux/commit/7ada876a8703f23befbb20a7465a702ee39b1704 Common Vulnerability Exposure (CVE) ID: CVE-2014-3535 69721 http://www.securityfocus.com/bid/69721 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=256df2f3879efdb2e9808bdb1b54b16fbb11fa38 http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36 https://bugzilla.redhat.com/show_bug.cgi?id=1114540 https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38 Common Vulnerability Exposure (CVE) ID: CVE-2014-3917 http://article.gmane.org/gmane.linux.kernel/1713179 http://www.openwall.com/lists/oss-security/2014/05/29/5 RedHat Security Advisories: RHSA-2014:1143 http://rhn.redhat.com/errata/RHSA-2014-1143.html RedHat Security Advisories: RHSA-2014:1281 http://rhn.redhat.com/errata/RHSA-2014-1281.html http://secunia.com/advisories/59777 http://secunia.com/advisories/60011 http://secunia.com/advisories/60564 SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://www.ubuntu.com/usn/USN-2334-1 http://www.ubuntu.com/usn/USN-2335-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-4667 BugTraq ID: 68224 http://www.securityfocus.com/bid/68224 Debian Security Information: DSA-2992 (Google Search) http://www.debian.org/security/2014/dsa-2992 http://www.openwall.com/lists/oss-security/2014/06/27/11 http://secunia.com/advisories/59790 http://secunia.com/advisories/60596 SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.