Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2014-3016)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123436

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2014-3016)

Resumen: The remote host is missing an update for the 'kernel-uek, mlnx_en-2.6.32-400.34.4.el5uek, mlnx_en-2.6.32-400.34.4.el6uek, ofa-2.6.32-400.34.4.el5uek, ofa-2.6.32-400.34.4.el6uek' package(s) announced via the ELSA-2014-3016 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel-uek, mlnx_en-2.6.32-400.34.4.el5uek, mlnx_en-2.6.32-400.34.4.el6uek, ofa-2.6.32-400.34.4.el5uek, ofa-2.6.32-400.34.4.el6uek' package(s) announced via the ELSA-2014-3016 advisory.

Vulnerability Insight:
kernel-uek
[2.6.32-400.34.4uek]
- netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (Daniel Borkmann) [Orabug: 18462076] {CVE-2014-2523}
- net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable (Daniel Borkmann) [Orabug: 18461091] {CVE-2014-0101}

Affected Software/OS:
'kernel-uek, mlnx_en-2.6.32-400.34.4.el5uek, mlnx_en-2.6.32-400.34.4.el6uek, ofa-2.6.32-400.34.4.el5uek, ofa-2.6.32-400.34.4.el6uek' package(s) on Oracle Linux 5, Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-0101
59216
http://secunia.com/advisories/59216
65943
http://www.securityfocus.com/bid/65943
RHSA-2014:0328
http://rhn.redhat.com/errata/RHSA-2014-0328.html
RHSA-2014:0419
http://rhn.redhat.com/errata/RHSA-2014-0419.html
RHSA-2014:0432
http://rhn.redhat.com/errata/RHSA-2014-0432.html
USN-2173-1
http://www.ubuntu.com/usn/USN-2173-1
USN-2174-1
http://www.ubuntu.com/usn/USN-2174-1
[oss-security] 20140304 CVE-2014-0101 -- Linux kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
http://www.openwall.com/lists/oss-security/2014/03/04/6
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html
https://bugzilla.redhat.com/show_bug.cgi?id=1070705
https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729
Common Vulnerability Exposure (CVE) ID: CVE-2014-2523
BugTraq ID: 66279
http://www.securityfocus.com/bid/66279
http://twitter.com/grsecurity/statuses/445496197399461888
http://www.openwall.com/lists/oss-security/2014/03/17/7
http://www.securitytracker.com/id/1029945
http://secunia.com/advisories/57446
XForce ISS Database: linux-kernel-cve20142523-code-exec(91910)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91910

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123436
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2014-3016)
Resumen:	The remote host is missing an update for the 'kernel-uek, mlnx_en-2.6.32-400.34.4.el5uek, mlnx_en-2.6.32-400.34.4.el6uek, ofa-2.6.32-400.34.4.el5uek, ofa-2.6.32-400.34.4.el6uek' package(s) announced via the ELSA-2014-3016 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel-uek, mlnx_en-2.6.32-400.34.4.el5uek, mlnx_en-2.6.32-400.34.4.el6uek, ofa-2.6.32-400.34.4.el5uek, ofa-2.6.32-400.34.4.el6uek' package(s) announced via the ELSA-2014-3016 advisory. Vulnerability Insight: kernel-uek [2.6.32-400.34.4uek] - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (Daniel Borkmann) [Orabug: 18462076] {CVE-2014-2523} - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable (Daniel Borkmann) [Orabug: 18461091] {CVE-2014-0101} Affected Software/OS: 'kernel-uek, mlnx_en-2.6.32-400.34.4.el5uek, mlnx_en-2.6.32-400.34.4.el6uek, ofa-2.6.32-400.34.4.el5uek, ofa-2.6.32-400.34.4.el6uek' package(s) on Oracle Linux 5, Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0101 59216 http://secunia.com/advisories/59216 65943 http://www.securityfocus.com/bid/65943 RHSA-2014:0328 http://rhn.redhat.com/errata/RHSA-2014-0328.html RHSA-2014:0419 http://rhn.redhat.com/errata/RHSA-2014-0419.html RHSA-2014:0432 http://rhn.redhat.com/errata/RHSA-2014-0432.html USN-2173-1 http://www.ubuntu.com/usn/USN-2173-1 USN-2174-1 http://www.ubuntu.com/usn/USN-2174-1 [oss-security] 20140304 CVE-2014-0101 -- Linux kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk http://www.openwall.com/lists/oss-security/2014/03/04/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729 http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html https://bugzilla.redhat.com/show_bug.cgi?id=1070705 https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729 Common Vulnerability Exposure (CVE) ID: CVE-2014-2523 BugTraq ID: 66279 http://www.securityfocus.com/bid/66279 http://twitter.com/grsecurity/statuses/445496197399461888 http://www.openwall.com/lists/oss-security/2014/03/17/7 http://www.securitytracker.com/id/1029945 http://secunia.com/advisories/57446 XForce ISS Database: linux-kernel-cve20142523-code-exec(91910) https://exchange.xforce.ibmcloud.com/vulnerabilities/91910
Copyright	Copyright (C) 2015 Greenbone AG