ID de Prueba:	1.3.6.1.4.1.25623.1.0.123696
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2013-0496)
Resumen:	The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2013-0496 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ELSA-2013-0496 advisory. Vulnerability Insight: [2.6.32-358.el6] - [fs] Fix sget() race with failing mount (Eric Sandeen) [883276] [2.6.32-357.el6] - [virt] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests (Andrew Jones) [896050] {CVE-2013-0190} - [block] sg_io: use different default filters for each device class (Paolo Bonzini) [875361] {CVE-2012-4542} - [block] sg_io: prepare for adding per-device-type filters (Paolo Bonzini) [875361] {CVE-2012-4542} - [virt] virtio-blk: Don't free ida when disk is in use (Asias He) [870344] - [netdrv] mlx4: Remove FCS bytes from packet length (Doug Ledford) [893707] - [net] netfilter: nf_ct_reasm: fix conntrack reassembly expire code (Amerigo Wang) [726807] [2.6.32-356.el6] - [char] ipmi: use a tasklet for handling received messages (Prarit Bhargava) [890160] - [char] ipmi: handle run_to_completion properly in deliver_recv_msg() (Prarit Bhargava) [890160] - [usb] xhci: Reset reserved command ring TRBs on cleanup (Don Zickus) [843520] - [usb] xhci: handle command after aborting the command ring (Don Zickus) [874541] - [usb] xhci: cancel command after command timeout (Don Zickus) [874541] - [usb] xhci: add aborting command ring function (Don Zickus) [874541] - [usb] xhci: add cmd_ring_state (Don Zickus) [874541] - [usb] xhci: Fix Null pointer dereferencing with non-DMI systems (Don Zickus) [874542] - [usb] xhci: Intel Panther Point BEI quirk (Don Zickus) [874542] - [usb] xhci: Increase XHCI suspend timeout to 16ms (Don Zickus) [874542] - [powerpc] Revert: pseries/iommu: remove default window before attempting DDW manipulation (Steve Best) [890454] - [serial] 8250_pnp: add Intermec CV60 touchscreen device (Mauro Carvalho Chehab) [894445] - [char] ipmi: apply missing hunk from upstream commit 2407d77a (Tony Camuso) [882787] - [acpi] Fix broken kernel build if CONFIG_ACPI_DEBUG is enabled (Lenny Szubowicz) [891948] - [scsi] qla2xxx: Test and clear FCPORT_UPDATE_NEEDED atomically (Chad Dupuis) [854736] - [mm] vmalloc: remove guard page from between vmap blocks (Johannes Weiner) [873737] - [mm] vmalloc: vmap area cache (Johannes Weiner) [873737] - [fs] vfs: prefer EEXIST to EROFS when creating on an RO filesystem (Eric Sandeen) [878091] - [scsi] qla2xxx: change queue depth ramp print to debug print (Rob Evers) [893113] - [fs] nfs: Fix umount when filelayout DS is also the MDS (Steve Dickson) [895194] - [fs] nfs/pnfs: add set-clear layoutdriver interface (Steve Dickson) [895194] - [fs] nfs: Don't call nfs4_deviceid_purge_client() unless we're NFSv4.1 (Steve Dickson) [895194] - [fs] nfs: Wait for session recovery to finish before returning (Steve Dickson) [895176] - [mm] compaction: validate pfn range passed to isolate_freepages_block (Johannes Weiner) [889456 890498] - [drm] nouveau: ensure legacy vga is re-enabled during POST (Ben Skeggs) [625441] - [netdrv] be2net: Remove stops to further access to BE NIC on UE bits (Ivan Vecera) [894344] - [virt] kvm: invalid ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 6.6 CVSS Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4508 FEDORA-2012-17479 http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091110.html RHSA-2012:1540 http://rhn.redhat.com/errata/RHSA-2012-1540.html RHSA-2013:0496 http://rhn.redhat.com/errata/RHSA-2013-0496.html RHSA-2013:1519 http://rhn.redhat.com/errata/RHSA-2013-1519.html RHSA-2013:1783 http://rhn.redhat.com/errata/RHSA-2013-1783.html SUSE-SU-2012:1679 https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html USN-1645-1 http://www.ubuntu.com/usn/USN-1645-1 USN-1899-1 http://www.ubuntu.com/usn/USN-1899-1 USN-1900-1 http://www.ubuntu.com/usn/USN-1900-1 [oss-security] 20121025 CVE-2012-4508 -- kernel: ext4: AIO vs fallocate stale data exposure http://www.openwall.com/lists/oss-security/2012/10/25/1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dee1f973ca341c266229faa5a1a5bb268bed3531 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.16 https://bugzilla.redhat.com/show_bug.cgi?id=869904 https://github.com/torvalds/linux/commit/dee1f973ca341c266229faa5a1a5bb268bed3531 Common Vulnerability Exposure (CVE) ID: CVE-2012-4542 RHSA-2013:0579 http://rhn.redhat.com/errata/RHSA-2013-0579.html RHSA-2013:0882 http://rhn.redhat.com/errata/RHSA-2013-0882.html RHSA-2013:0928 http://rhn.redhat.com/errata/RHSA-2013-0928.html [linux-kernel] 20130124 [PATCH 00/13] Corrections and customization of the SG_IO command whitelist (CVE-2012-4542) http://marc.info/?l=linux-kernel&m=135903967015813&w=2 [linux-kernel] 20130124 [PATCH 04/13] sg_io: resolve conflicts between commands assigned to multiple classes (CVE-2012-4542) http://marc.info/?l=linux-kernel&m=135904012416042&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=875360 https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=76a274e17114abf1a77de6b651424648ce9e10c8 Common Vulnerability Exposure (CVE) ID: CVE-2013-0190 57433 http://www.securityfocus.com/bid/57433 USN-1725-1 http://www.ubuntu.com/usn/USN-1725-1 USN-1728-1 http://www.ubuntu.com/usn/USN-1728-1 [oss-security] 20130116 Xen Security Advisory 40 (CVE-2013-0190) - Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests. http://www.openwall.com/lists/oss-security/2013/01/16/8 [oss-security] 20130116 [PATCH] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. http://www.openwall.com/lists/oss-security/2013/01/16/6 https://bugzilla.redhat.com/show_bug.cgi?id=896038 Common Vulnerability Exposure (CVE) ID: CVE-2013-0309 [oss-security] 20130219 Re: CVE request -- Linux kernel: mm: thp: pmd_present and PROT_NONE local DoS http://www.openwall.com/lists/oss-security/2013/02/20/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=027ef6c87853b0a9df53175063028edb4950d476 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.2 https://bugzilla.redhat.com/show_bug.cgi?id=912898 https://github.com/torvalds/linux/commit/027ef6c87853b0a9df53175063028edb4950d476 Common Vulnerability Exposure (CVE) ID: CVE-2013-0310 [oss-security] 20130219 Re: CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference http://www.openwall.com/lists/oss-security/2013/02/20/5 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=89d7ae34cdda4195809a5a987f697a517a2a3177 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8 https://bugzilla.redhat.com/show_bug.cgi?id=912900 https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177 Common Vulnerability Exposure (CVE) ID: CVE-2013-0311 MDVSA-2013:176 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 [oss-security] 20130219 Re: CVE request -- Linux kernel: vhost: fix length for cross region descriptor http://www.openwall.com/lists/oss-security/2013/02/20/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bd97120fc3d1a11f3124c7c9ba1d91f51829eb85 http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.7.bz2 https://bugzilla.redhat.com/show_bug.cgi?id=912905 https://github.com/torvalds/linux/commit/bd97120fc3d1a11f3124c7c9ba1d91f51829eb85 openSUSE-SU-2013:1187 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.