Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2013-0517)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123703

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2013-0517)

Resumen: The remote host is missing an update for the 'util-linux-ng' package(s) announced via the ELSA-2013-0517 advisory.

Descripción: Summary:
The remote host is missing an update for the 'util-linux-ng' package(s) announced via the ELSA-2013-0517 advisory.

Vulnerability Insight:
[2.17.2-12.9]
- fix #892471 - CVE-2013-0157 mount folder existence information disclosure

[2.17.2-12.8]
- fix #679833 - [RFE] tailf should support
- fix #719927 - [RFE] add adjtimex --compare functionality to hwclock
- fix #730272 - losetup does not warn if backing file is < 512 bytes
- fix #730891 - document cfdisk and sfdisk incompatibility with 4096-bytes sectors
- fix #736245 - lscpu segfault on non-uniform cpu configuration
- fix #783514 - default barrier setting for EXT3 filesystems in mount manpage is wrong
- fix #790728 - blkid ignores swap UUIDs if the first byte is a zero byte
- fix #818621 - lsblk should not open device it prints info about
- fix #819945 - hwclock --systz causes a system time jump
- fix #820183 - mount(8) man page should include relatime in defaults definition
- fix #823008 - update to the latest upstream lscpu and chcpu
- fix #837935 - lscpu coredumps on a system with 158 active processors
- fix #839281 - inode_readahead for ext4 should be inode_readahead_blks
- fix #845477 - Duplicate SElinux mount options cause mounting from the commandline to fail
- fix #845971 - while reading /etc/fstab, mount command returns a device before a directory
- fix #858009 - login doesn't update /var/run/utmp properly
- fix #809449 - Backport inverse tree (-s) option for lsblk and related patches
- fix #809139 - lsblk option -D missing in manpage

Affected Software/OS:
'util-linux-ng' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-0157
88953
http://osvdb.org/88953
MDVSA-2013:154
http://www.mandriva.com/security/advisories?name=MDVSA-2013:154
RHSA-2013:0517
http://rhn.redhat.com/errata/RHSA-2013-0517.html
[oss-security] 20130106 Re: CVE request: mount/umount leak information about existence of folders
http://marc.info/?l=oss-security&m=135749410312247&w=2
http://bugs.debian.org/697464
https://bugzilla.redhat.com/show_bug.cgi?id=892330

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123703
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2013-0517)
Resumen:	The remote host is missing an update for the 'util-linux-ng' package(s) announced via the ELSA-2013-0517 advisory.
Descripción:	Summary: The remote host is missing an update for the 'util-linux-ng' package(s) announced via the ELSA-2013-0517 advisory. Vulnerability Insight: [2.17.2-12.9] - fix #892471 - CVE-2013-0157 mount folder existence information disclosure [2.17.2-12.8] - fix #679833 - [RFE] tailf should support - fix #719927 - [RFE] add adjtimex --compare functionality to hwclock - fix #730272 - losetup does not warn if backing file is < 512 bytes - fix #730891 - document cfdisk and sfdisk incompatibility with 4096-bytes sectors - fix #736245 - lscpu segfault on non-uniform cpu configuration - fix #783514 - default barrier setting for EXT3 filesystems in mount manpage is wrong - fix #790728 - blkid ignores swap UUIDs if the first byte is a zero byte - fix #818621 - lsblk should not open device it prints info about - fix #819945 - hwclock --systz causes a system time jump - fix #820183 - mount(8) man page should include relatime in defaults definition - fix #823008 - update to the latest upstream lscpu and chcpu - fix #837935 - lscpu coredumps on a system with 158 active processors - fix #839281 - inode_readahead for ext4 should be inode_readahead_blks - fix #845477 - Duplicate SElinux mount options cause mounting from the commandline to fail - fix #845971 - while reading /etc/fstab, mount command returns a device before a directory - fix #858009 - login doesn't update /var/run/utmp properly - fix #809449 - Backport inverse tree (-s) option for lsblk and related patches - fix #809139 - lsblk option -D missing in manpage Affected Software/OS: 'util-linux-ng' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0157 88953 http://osvdb.org/88953 MDVSA-2013:154 http://www.mandriva.com/security/advisories?name=MDVSA-2013:154 RHSA-2013:0517 http://rhn.redhat.com/errata/RHSA-2013-0517.html [oss-security] 20130106 Re: CVE request: mount/umount leak information about existence of folders http://marc.info/?l=oss-security&m=135749410312247&w=2 http://bugs.debian.org/697464 https://bugzilla.redhat.com/show_bug.cgi?id=892330
Copyright	Copyright (C) 2015 Greenbone AG