ID de Prueba:	1.3.6.1.4.1.25623.1.0.123354
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2014-0786)
Resumen:	The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2014-0786 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2014-0786 advisory. Vulnerability Insight: [3.10.0-123.4.2] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-123.4.2] - [fs] aio: fix plug memory disclosure and fix reqs_active accounting backport (Jeff Moyer) [1094604 1094605] {CVE-2014-0206} - [fs] aio: plug memory disclosure and fix reqs_active accounting (Mateusz Guzik) [1094604 1094605] {CVE-2014-0206} [3.10.0-123.4.1] - [kernel] futex: Make lookup_pi_state more robust (Larry Woodman) [1104519 1104520] {CVE-2014-3153} - [kernel] futex: Always cleanup owner tid in unlock_pi (Larry Woodman) [1104519 1104520] {CVE-2014-3153} - [kernel] futex: Validate atomic acquisition in futex_lock_pi_atomic() (Larry Woodman) [1104519 1104520] {CVE-2014-3153} - [kernel] futex: prevent requeue pi on same futex (Larry Woodman) [1104519 1104520] {CVE-2014-3153} - [ethernet] qlcnic: Fix ethtool statistics length calculation (Michal Schmidt) [1104972 1099634] - Revert: [kernel] cputime: Default implementation of nsecs -> cputime conversion (Frederic Weisbecker) [1090974 1047732] - Revert: [kernel] cputime: Bring cputime -> nsecs conversion (Frederic Weisbecker) [1090974 1047732] - Revert: [kernel] cputime: Fix jiffies based cputime assumption on steal accounting (Frederic Weisbecker) [1090974 1047732] [3.10.0-123.3.1] - [kernel] mutexes: Give more informative mutex warning in the !lock->owner case (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922] - [kernel] mutex: replace CONFIG_HAVE_ARCH_MUTEX_CPU_RELAX with simple ifdef (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922] - [kernel] locking/mutexes: Introduce cancelable MCS lock for adaptive spinning (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922] - [kernel] locking/mutexes: Modify the way optimistic spinners are queued (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922] - [kernel] locking/mutexes: Return false if task need_resched() in mutex_can_spin_on_owner() (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922] - [kernel] Restructure the MCS lock defines and locking & Move mcs_spinlock.h into kernel/locking/ (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922] - [misc] arch: Introduce smp_load_acquire(), smp_store_release() (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922] - [kernel] locking/mutex: Fix debug_mutexes (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922] - [kernel] locking/mutex: Fix debug checks (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922] - [kernel] locking/mutexes: Unlock the mutex without the wait_lock (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922] [3.10.0-123.2.1] - [net] filter: prevent nla extensions to peek beyond the end of the message (Jiri Benc) [1096780 1096781] {CVE-2014-3144 CVE-2014-3145} - [block] floppy: don't write kernel-only members to FDRAWCMD ioctl output (Denys Vlasenko) [1094316 1094318] ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0206 1030479 http://www.securitytracker.com/id/1030479 1038201 http://www.securitytracker.com/id/1038201 59278 http://secunia.com/advisories/59278 68176 http://www.securityfocus.com/bid/68176 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=edfbbf388f293d70bf4b7c0bc38774d05e6f711a https://bugzilla.redhat.com/show_bug.cgi?id=1094602 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=edfbbf388f29 https://github.com/torvalds/linux/commit/edfbbf388f293d70bf4b7c0bc38774d05e6f711a https://source.android.com/security/bulletin/2017-04-01 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.46 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.24 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.10 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.3 Common Vulnerability Exposure (CVE) ID: CVE-2014-1737 BugTraq ID: 67300 http://www.securityfocus.com/bid/67300 Debian Security Information: DSA-2926 (Google Search) http://www.debian.org/security/2014/dsa-2926 Debian Security Information: DSA-2928 (Google Search) http://www.debian.org/security/2014/dsa-2928 http://www.openwall.com/lists/oss-security/2014/05/09/2 RedHat Security Advisories: RHSA-2014:0800 http://rhn.redhat.com/errata/RHSA-2014-0800.html RedHat Security Advisories: RHSA-2014:0801 http://rhn.redhat.com/errata/RHSA-2014-0801.html http://www.securitytracker.com/id/1030474 http://secunia.com/advisories/59262 http://secunia.com/advisories/59309 http://secunia.com/advisories/59406 http://secunia.com/advisories/59599 SuSE Security Announcement: SUSE-SU-2014:0667 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html SuSE Security Announcement: SUSE-SU-2014:0683 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2014-1738 BugTraq ID: 67302 http://www.securityfocus.com/bid/67302 Common Vulnerability Exposure (CVE) ID: CVE-2014-2568 BugTraq ID: 66348 http://www.securityfocus.com/bid/66348 https://lkml.org/lkml/2014/3/20/421 http://seclists.org/oss-sec/2014/q1/627 http://www.openwall.com/lists/oss-security/2014/03/20/16 http://www.ubuntu.com/usn/USN-2240-1 XForce ISS Database: linux-kernel-cve20142568-info-disclosure(91922) https://exchange.xforce.ibmcloud.com/vulnerabilities/91922 Common Vulnerability Exposure (CVE) ID: CVE-2014-2851 BugTraq ID: 66779 http://www.securityfocus.com/bid/66779 https://lkml.org/lkml/2014/4/10/736 http://www.openwall.com/lists/oss-security/2014/04/11/4 http://www.securitytracker.com/id/1030769 http://secunia.com/advisories/59386 Common Vulnerability Exposure (CVE) ID: CVE-2014-3144 58990 http://secunia.com/advisories/58990 59311 http://secunia.com/advisories/59311 59597 http://secunia.com/advisories/59597 60613 http://secunia.com/advisories/60613 67309 http://www.securityfocus.com/bid/67309 DSA-2949 http://www.debian.org/security/2014/dsa-2949 USN-2251-1 http://www.ubuntu.com/usn/USN-2251-1 USN-2252-1 http://www.ubuntu.com/usn/USN-2252-1 USN-2259-1 http://www.ubuntu.com/usn/USN-2259-1 USN-2261-1 http://www.ubuntu.com/usn/USN-2261-1 USN-2262-1 http://www.ubuntu.com/usn/USN-2262-1 USN-2263-1 http://www.ubuntu.com/usn/USN-2263-1 USN-2264-1 http://www.ubuntu.com/usn/USN-2264-1 [oss-security] 20140509 Re: CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message http://www.openwall.com/lists/oss-security/2014/05/09/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3 http://linux.oracle.com/errata/ELSA-2014-3052.html https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3 Common Vulnerability Exposure (CVE) ID: CVE-2014-3145 67321 http://www.securityfocus.com/bid/67321 Common Vulnerability Exposure (CVE) ID: CVE-2014-3153 BugTraq ID: 67906 http://www.securityfocus.com/bid/67906 Debian Security Information: DSA-2949 (Google Search) http://www.exploit-db.com/exploits/35370 https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html https://github.com/elongl/CVE-2014-3153 https://www.openwall.com/lists/oss-security/2021/02/01/4 http://www.openwall.com/lists/oss-security/2014/06/05/22 http://openwall.com/lists/oss-security/2014/06/05/24 http://openwall.com/lists/oss-security/2014/06/06/20 http://www.openwall.com/lists/oss-security/2021/02/01/4 http://www.securitytracker.com/id/1030451 http://secunia.com/advisories/58500 http://secunia.com/advisories/59029 http://secunia.com/advisories/59092 http://secunia.com/advisories/59153 SuSE Security Announcement: SUSE-SU-2014:0775 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html SuSE Security Announcement: SUSE-SU-2014:0796 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html SuSE Security Announcement: SUSE-SU-2014:0837 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html SuSE Security Announcement: openSUSE-SU-2014:0878 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html http://www.ubuntu.com/usn/USN-2237-1
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.